ntlmv1 authentication on Yosemite desktop share

Affichage de 15 messages sur 5
ntlmv1 authentication on Yosemite desktop share Allan 23/10/14 06:37
I've a few clients restricted on Windows systems (through local policy)
that can only authenticate using LM or NTLMv1 ... don't ask !! Since
upgrade to Yosemite those client connections are rejected. Can't change
Windows clients - what options on Yosemite to enable ntlmv1 auth on SMB
shares?

Re: ntlmv1 authentication on Yosemite desktop share Jaimie Vandenbergh 23/10/14 08:23
What were you running before? I though NTLMv1 support had gone away in
10.7, when Apple replaced Samba with its own Windows sharing
implementation.

Your choices are probably restricted to
a) reverting to whichever OSX you were on before
b) compiling and installing a modern Samba with NTLMv1 support (and that
may be a contradiction in terms, I'm not sure!) and using that instead
c) Carry around a VM of either the older OSX or an older Windows and use
that to share

Or burn down the clients, that would probably be appropriate.

        Cheers - Jaimie
--
"Once you adopt the unix paradigm, the variants cease to be a problem - you
bitch, of course, but that's because bitching is fun, unlike M$ OS's, where
bitching is required to keep your head from exploding." - S Stremler in afc
Re: ntlmv1 authentication on Yosemite desktop share Allan 23/10/14 08:26
Managed to work it out ... or at least what looks like a solution.

dtruss'd smbd and noticed it trying to open a com.apple.GSS.NTLM.plist
file which didn't exist. Created one with the following content and all
seems to work ... for now at least :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>NTLMv1</key><true/>
    <key>NTLMv2</key><true/>
  </dict>
</plist>
Re: ntlmv1 authentication on Yosemite desktop share Jaimie Vandenbergh 23/10/14 08:40
On Thu, 23 Oct 2014 16:26:00 +0100, Allan <alli...@hotmail.com> wrote:

>Managed to work it out ... or at least what looks like a solution.
>
>dtruss'd smbd and noticed it trying to open a com.apple.GSS.NTLM.plist
>file which didn't exist. Created one with the following content and all
>seems to work ... for now at least :
>
><?xml version="1.0" encoding="UTF-8"?>
><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
>"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
><plist version="1.0">
>  <dict>
>    <key>NTLMv1</key><true/>
>    <key>NTLMv2</key><true/>
>  </dict>
></plist>

Wow. I'm shocked and amazed. Good work!

        Cheers - Jaimie
--
Note that despite substantial evidence to the contrary, it is in fact possible
to delete files copied to the desktop, and you don't need to throw away the
computer and get a new one once the desktop is full.     -- Peter Corlett, ASR
Re: ntlmv1 authentication on Yosemite desktop share msf...@gmail.com 13/10/15 04:07
Allan
I am trying to figure this out on a El Capitain machine connecting to an older windows based music server (hence can change that OS).  For a not techie, like me, can you help explain how to do this?

thank you

-michael

msf...@gmail.com