9.10.2-U2 update broke Win XP cifs?

[Natek83]

I had fully working CIFS shares accessible by all my computers but after installing the latest update it seems that my XP machines' credentials aren't being accepted. I get the security prompt for user name and password constantly when I try to log on a share with guest access disabled. I can map any share with guest access enabled fine if a put in a different user name instead of the XP user account name.

 

[Natek83]

I have confirmed this is correct. I activated and rebooted to 9.10.1-U2 and XP machines are able to have their credentials accepted and mount the shares without guest access.

 

[anodos]

Set auxiliary parameter "ntlm auth = yes" under 'services' -> 'smb'

 

[anodos]

Do note that ntlmv1 is only slightly more secure than ROT13. I don't typically recommend enabling it, but the presence of XP indicates that security isn't a high priority for you. :D

 

[Natek83]

Sorry if this seems like a necro post, I finally have gotten back around to updating my freenas and addressing this issue. I'm wondering can I pass that option into the aux parameter field of only a single share? I have a vlan with my XP/W9X/MS-DOS gaming computers isolated from the rest of the devices in my house. I am trying to follow best practices to maintain my lan's security without giving up entirely on my old hardware. Would you happen to know what auth parameter I can use to get the W9X computers to work with a samba share? I tried going through the samba docs but I couldn't find a list.

 

[Natek83]

I tested and found "ntlm auth = yes" only works as a global aux parameter and not per share. Does turning this parameter on downgrade the security on all clients, even newer OS's, or can they still run the more recent auth type? I assume it does downgrade all clients at once. I'd rather not have every computer using an insecure connection so maybe I need to look at providing shares to the older hardware using a 2nd samba server in a jail or something.