Bug #21946

Can't access freenas with Win XP after upgrade

Added by Andrea Ambrosio over 3 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Important
Assignee: John Hixson
Category: OS
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

After upgrading to 9.10.2-U2, I can't reach my SMB shares under Win XP; everything is fine under Win 10.


Related issues

Related to FreeNAS - Bug #21906: samba ( cifs ) not available from windows xp user. Closed: Behaves correctly, 2017-03-07
Related to FreeNAS - Bug #21950: no smb access since update. Closed: Duplicate, 2017-03-08

Associated revisions

Revision 9d1bac8c (diff)
Added by Warren Block over 3 years ago

Add note about enabling NTLMv1 for XP access with new Samba. Ticket: #21906 Ticket: #21946

Revision afa4b9a1 (diff)
Added by Warren Block over 3 years ago

Add description of new NTLMv1 auth checkbox for SMB. Ticket: #21906 Ticket: #21946

History

#1 Updated by Kris Moore over 3 years ago

  • Assignee set to John Hixson

#2 Updated by an odos over 3 years ago

This has been reported in the forums. It may be related to changes in how Samba handles ntlm auth. Some users have reported that setting the global auxiliary parameter

ntlm auth = yes
resolves the issue. Which is odd because I believe that is the default setting in samba.

Additionally, some users have reported working around the issue in XP by changing the GPO

Network security: LAN Manager authentication level
to
Send NTLMv2 response only\refuse LM and NTLM

I imagine upgrading to a modern OS also works around the issue. :)

#3 Updated by Dru Lavigne over 3 years ago

  • Related to Bug #21906: samba ( cifs ) not available from windows xp user. added

#4 Updated by an odos over 3 years ago

Sorry to spam this a bit. I finally upgraded and realized that you had bumped the samba version to 4.5.5. In Samba 4.5 the default for "ntlm auth" switched to "no"
https://www.samba.org/samba/history/samba-4.5.0.html

NTLMv1 authentication disabled by default
-----------------------------------------
In order to improve security we have changed the default value for the "ntlm auth" option from "yes" to "no". This may have impact on very old clients which doesn't support NTLMv2 yet.

The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

By default, Samba will only allow NTLMv2 via NTLMSSP now, as we have the following default "lanman auth = no", "ntlm auth = no" and "raw NTLMv2 auth = no".

The options for Windows XP users are either to (1) re-enable ntlm or (2) adjust group policy settings to only use ntlmv2.
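
The defaults quoted in comment #4, turned into a check (an added example, not part of the ticket and not FreeNAS or Samba code): it parses the [global] section of an smb.conf and reports any of the three parameters set away from the Samba 4.5 default of "no". The function names and the sample configuration are constructed for illustration.

```python
# Added example: audit the [global] section of an smb.conf for legacy-auth overrides.
# Defaults are the Samba 4.5 values quoted in the ticket; all names here are illustrative.
SAMBA_45_DEFAULTS = {"lanman auth": "no", "ntlm auth": "no", "raw NTLMv2 auth": "no"}
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def normalize(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return "".join(name.split()).lower()

def parse_global(text):
    """Return {normalized parameter: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = normalize(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[normalize(name)] = value.strip()
    return params

def audit(text):
    """List (parameter, value, verdict) for settings not left at 'no'."""
    params = parse_global(text)
    findings = []
    for name, default in SAMBA_45_DEFAULTS.items():
        value = params.get(normalize(name), default).lower()
        if value in FALSE:
            continue
        verdict = "enabled" if value in TRUE else "review"  # non-boolean value
        findings.append((name, value, verdict))
    return findings

# Constructed sample: the auxiliary parameter from this ticket, oddly cased.
SAMPLE = """\
[Global]
    workgroup = WORKGROUP
    ; lanman auth = yes
    NTLM  Auth = Yes
[xp-share]
    path = /mnt/tank/xp
"""

if __name__ == "__main__":
    for name, value, verdict in audit(SAMPLE):
        print(f"{name} = {value}: {verdict} (Samba 4.5 default is no)")
```

A "review" verdict marks a value the example does not interpret as a boolean, so it is reported rather than guessed at.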

#5 Updated by John Hixson over 3 years ago

  • Status changed from Unscreened to Screened

After discussing this, we are going to create a checkbox to enable NTLMv1 auth. It will be turned off by default. I'll have this done next week.

#6 Updated by Dru Lavigne over 3 years ago

  • Related to Bug #21950: no smb access since update added

#7 Updated by Vaibhav Chauhan over 3 years ago

  • Target version set to 9.10.3

#8 Updated by Vaibhav Chauhan over 3 years ago

  • Priority changed from No priority to Important

#9 Updated by John Hixson over 3 years ago

Andrea, can you confirm that setting ntlm auth = yes in the global auxiliary parameters for smb works for you?

#10 Updated by John Hixson over 3 years ago

  • Status changed from Screened to 15

#11 Updated by Andrea Ambrosio over 3 years ago

YES, setting ntlm auth = yes in the global auxiliary parameters for smb works perfectly, and immediately solved the issue. Thank you very much for the outstanding and helpful support you gave me so quickly!

#12 Updated by John Hixson over 3 years ago

  • Status changed from 15 to Resolved

ok, the fix is in 9.10.3. You can keep the auxiliary parameter in until then. We have added a checkbox in 9.10.3 that does the same thing.

#13 Updated by Kris Moore over 3 years ago

  • Target version changed from 9.10.3 to 11.0

#15 Updated by Vaibhav Chauhan over 3 years ago

  • Target version changed from 11.0 to 11.0-RC

#16 Updated by Basil Hendroff over 3 years ago

See 'doc error' #24946
