SOLVED cannot connect to my SMB share since upgrading to windows 8.1

[Keven]

Hi,

I have many computer on windows 7 at home and i am starting to upgrade them to windows 8.1 embedded 64-bit, but when I tried to connect the windows 8.1 machine to the SMB share I have running it won't work, telling me I have the wrong credentials.

on the 8.1 machine I have enable network discovery. I am able to click on the FREENAS machine and see all SMB Share, but i am unable to connect to any of them. I tried multiple credentials that work right now on windows 7 but no one works on windows 8.1

 

[dlavigne]

Have you resolved this? If not, post the contents of smb4.conf.

 

[Keven]

not resolve yet...
Here is the content of

Code:

[global]
	server max protocol = SMB3
	encrypt passwords = yes
	dns proxy = no
	strict locking = no
	oplocks = yes
	deadtime = 15
	max log size = 51200
	max open files = 465860
	logging = file
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	getwd cache = yes
	guest account = nobody
	map to guest = Bad User
	obey pam restrictions = yes
	directory name cache size = 0
	kernel change notify = no
	panic action = /usr/local/libexec/samba/samba-backtrace
	nsupdate command = /usr/local/bin/samba-nsupdate -g
	server string = FreeNAS Server
	ea support = yes
	store dos attributes = yes
	lm announce = yes
	hostname lookups = yes
	time server = yes
	acl allow execute always = true
	dos filemode = yes
	multicast dns register = yes
	domain logons = no
	local master = yes
	idmap config *: backend = tdb
	idmap config *: range = 90000001-100000000
	server role = standalone
	netbios name = FREENAS
	workgroup = WORKGROUP
	security = user
	pid directory = /var/run/samba
	create mask = 0666
	directory mask = 0777
	client ntlmv2 auth = yes
	dos charset = CP437
	unix charset = UTF-8
	log level = 1
	

[Corrussante]
	path = /mnt/Vol1/Bibliotheque
	printable = no
	veto files = /.snapshot/.windows/.mac/.zfs/
	writeable = yes
	browseable = yes
	shadow:snapdir = .zfs/snapshot
	shadow:sort = desc
	shadow:localtime = yes
	shadow:format = auto-%Y%m%d.%H%M-100y
	shadow:snapdirseverywhere = yes
	vfs objects = shadow_copy2 zfs_space zfsacl streams_xattr aio_pthread
	hide dot files = yes
	guest ok = no
	nfs4:mode = special
	nfs4:acedup = merge
	nfs4:chown = true
	zfsacl:acesort = dontcare
	

[Jail]
	path = /mnt/Vol1/Jail
	printable = no
	veto files = /.snapshot/.windows/.mac/.zfs/
	writeable = yes
	browseable = yes
	shadow:snapdir = .zfs/snapshot
	shadow:sort = desc
	shadow:localtime = yes
	shadow:format = auto-%Y%m%d.%H%M-1w
	shadow:snapdirseverywhere = yes
	vfs objects = shadow_copy2 zfs_space zfsacl streams_xattr aio_pthread
	hide dot files = yes
	guest ok = yes
	nfs4:mode = special
	nfs4:acedup = merge
	nfs4:chown = true
	zfsacl:acesort = dontcare
	

[Keven Backup]
	path = /mnt/Vol1/Backup/Keven
	printable = no
	veto files = /.snapshot/.windows/.mac/.zfs/
	writeable = yes
	browseable = yes
	vfs objects = zfs_space zfsacl streams_xattr aio_pthread
	hide dot files = yes
	guest ok = no
	nfs4:mode = special
	nfs4:acedup = merge
	nfs4:chown = true
	zfsacl:acesort = dontcare
	

[VBL]
	path = /mnt/Vol1/VBL
	printable = no
	veto files = /.snapshot/.windows/.mac/.zfs/
	writeable = yes
	browseable = yes
	shadow:snapdir = .zfs/snapshot
	shadow:sort = desc
	shadow:localtime = yes
	shadow:format = auto-%Y%m%d.%H%M-100y
	shadow:snapdirseverywhere = yes
	vfs objects = shadow_copy2 zfs_space zfsacl streams_xattr aio_pthread
	hide dot files = yes
	guest ok = no
	nfs4:mode = special
	nfs4:acedup = merge
	nfs4:chown = true
	zfsacl:acesort = dontcare
	

[testshare]
	path = /mnt/Vol1/Test
	printable = no
	veto files = /.snapshot/.windows/.mac/.zfs/
	writeable = yes
	browseable = yes
	vfs objects = zfs_space zfsacl streams_xattr aio_pthread
	hide dot files = yes
	hosts allow = 10.0.1.131
	guest ok = yes
	nfs4:mode = special
	nfs4:acedup = merge
	nfs4:chown = true
	zfsacl:acesort = dontcare

 

[anodos]

Keven, under Services->SMB increase log level to "debug", then reproduce the issue. Once you have done this, generate a debug file (System->Advanced->Save Debug) and send it to me via Private Message.

 

[Keven]

I found the solution, the problem was

Code:

ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user

so you have to change NTLM setting on the client-side.

Unfortunately not all versions of Windows appear to ship the policies editor. Windows 8 doesn't for example but Windows 8 Pro does, so depending on your version you would be able to use it or not.

Press Win+R to open the "Run" dialog. Either way type gpedit.msc and if it appears in the first case or you're able to run it do so.

Then navigate to Local Computer Policy -> Windows Settings -> Security Settings -> Local Policies -> Security Options. There locate Network security: LAN Manager authentication level and change it to whatever of the 6 options works for you.

For me it was Send NTLMv2 response only but your mileage may vary

If you're not able to access the policies editor you can accomplish the same by editing the registry yourself. Concretely the key you have to edit for that policy is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

There, add (or edit) a DWORD value named LmCompatibilityLevel and set it to the value you require according to the following table:

0 - Send LM & NTLM responses
1 - Send LM & NTLM responses, use NTLMv2 session security if negotiated
2 - Send NTLM response only
3 - Send NTLMv2 response only
4 - Send NTLMv2 response only, refuse LM
5 - Send NTLMv2 response only, refuse LM & NTLM

I hope that helps.

credit to :
@anodos for analyzing the debug output
and a superusers thread for registry edit path : https://superuser.com/questions/483958/windows-8-security-policy-lan-manager-authentication-level