Re: CIFS and Windows Server 2003
From: Steve Schofield (steve_at_adminblogs.com)
Date: 05/10/04
Date: Mon, 10 May 2004 19:13:38 -0400
Ran into the same thing with Novell CIFS; it has something to do with
digital signing in both default domain policies. We changed the following
security policy settings on BOTH of the following:

Default Domain Policy
Default Domain Controllers Policy

1. Start | Programs | Administrative tools
2. Choose Domain Controller Security Policy | Local Policies | Security Options
3. Change the following:
   Microsoft network server: Digitally sign communications (always)
   Value = disabled
   Network security: LAN Manager authentication level
   Value = Send LM & NTLM - use NTLMv2 session security if negotiated
4. Close
5. Choose Domain Security Policy | Local Policies | Security Options
6. Change the following:
   Microsoft network server: Digitally sign communications (always)
   Value = disabled
   Network security: LAN Manager authentication level
   Value = Send LM & NTLM - use NTLMv2 session security if negotiated
Steve Schofield
steve@deviq.com
Microsoft MVP - ASP.NET
http://deviq.com
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:e19eX5fNEHA.3016@tk2msftngp13.phx.gbl...
> Are you using Kerberos for the authentication from HPUX? That may be the issue.
> Windows Server 2003 drops one or more of the more insecure Kerberos mechanisms.
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
>
> faels wrote:
> > We are currently using FacetCorp's FacetWin to access resources on an
> > HPUX platform from Windows.
> >
> > We recently upgraded one of our domain controllers to Windows Server
> > 2003 Standard Edition. Prior to the upgrade, we were successfully
> > using this server to authenticate users trying to access NetBIOS
> > resources on the HPUX box. After the upgrade we started receiving
> > errors when trying to authenticate using the new 2003 DC. Everything
> > seems to work for a few hours before authentication starts to fail.
> >
> > If we point the HPUX box to a Windows 2000 domain controller,
> > everything works just fine.
> >
> > We have disabled all policies requiring SMB signing, and enabled
> > "Sending unencrypted passwords to third party SMB servers" for the
> > domain. I am also supporting all available types of LM and NTLM
> > authentication.
> >
> > I have created SPNs for the Windows services that need access to the
> > Unix resources, trusted the associated machines and services users for
> > delegation, and still can't get it to work.
> >
> > Can anybody tell me why this works on 2000 but not on 2003? Is it a
> > Kerberos issue? If so, is there any sound literature on service
> > principal names and their role in AD?
> >
> > I tried capturing packets, but could not find any useful information.
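
Added example, not part of the original thread: a small audit that reads a GPO security template (GptTmpl.inf) and reports whether the two settings named in the reply above are in the weakened state it describes, so the change can be tracked in both the Default Domain Policy and the Default Domain Controllers Policy. The template text is a constructed sample and the function names are hypothetical; real templates live under SYSVOL and are normally UTF-16 encoded, so decode them before passing the text in.

```python
# Added example: audit the two settings from the post in a GPO security template.
# SAMPLE_INF is constructed sample data, not taken from a real domain.
LM_LEVELS = {
    0: "Send LM & NTLM responses",
    1: "Send LM & NTLM - use NTLMv2 session security if negotiated",
    2: "Send NTLM response only",
    3: "Send NTLMv2 response only",
    4: "Send NTLMv2 response only. Refuse LM",
    5: "Send NTLMv2 response only. Refuse LM & NTLM",
}
SIGN_KEY = r"machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature"
LM_KEY = r"machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel"

# Constructed excerpt of a GptTmpl.inf carrying the values the post sets.
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,1
"""

def registry_values(inf_text):
    """Return {lowercased key: int} for REG_DWORD (type 4) entries in [Registry Values]."""
    values, section = {}, None
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "registry values" and "=" in line:
            key, _, data = line.partition("=")
            reg_type, _, raw = data.partition(",")
            if reg_type.strip() == "4" and raw.strip().isdigit():
                values[key.strip().lower()] = int(raw.strip())
    return values

def audit(policy_name, inf_text):
    """List findings for one GPO; an empty list means neither setting is weakened."""
    vals, findings = registry_values(inf_text), []
    if vals.get(SIGN_KEY) == 0:
        findings.append(f"{policy_name}: server SMB signing (always) is disabled")
    level = vals.get(LM_KEY)
    if level is not None and level < 3:  # levels 0-2 never send an NTLMv2 response
        findings.append(f"{policy_name}: LAN Manager level {level} ({LM_LEVELS[level]})")
    return findings

if __name__ == "__main__":
    for gpo in ("Default Domain Policy", "Default Domain Controllers Policy"):
        print("\n".join(audit(gpo, SAMPLE_INF)))
```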