E
Erik Hamzy
Guest
- Thread Author
- #1
Navigation section
U
Unregistered
Guest
- Thread Author
- #2
According to Adaptec's site, some SNAP servers are not supported by Vista. I've had the same problem with my Vista setup.
U
Unregistered
Guest
- Thread Author
- #3
Snap server 2200
I had the same problem - our logon scripts would map the Snap Server network drives on Vista machines.
After serveral hours of trying to make it work, I created a new admin local user on the Snap Server administration pages, and used that username and password when connecting to the snap server. So now I've manually mapped connections to the shares using not my domain credentials, but the local user from the snap server.
Apart from the inconvenience it all works fine an' dandy!
I had the same problem - our logon scripts would map the Snap Server network drives on Vista machines.
After serveral hours of trying to make it work, I created a new admin local user on the Snap Server administration pages, and used that username and password when connecting to the snap server. So now I've manually mapped connections to the shares using not my domain credentials, but the local user from the snap server.
Apart from the inconvenience it all works fine an' dandy!
U
Unregistered
Guest
- Thread Author
- #4
That should say our logon scripts WOULDN'T map the ......!!
Raymond Zachary
New Member
- Joined
- Dec 24, 2006
- Messages
- 26
Logon to SNAP Server
Several months ago I posted a similar problem regarding logging onto a SNAP 1100, which albeit old, still works well with all other computers and operating systems on the network. The problem I had was that when I typed in the logon which SNAP expected to see, Vista placed the name of my computer with a backslash in front of the logon name. The SNAP OS does not tolerate backslashes. After months of trying to solve this problem including futile discussions with MIcrosoft who could not bring themselves to address the problem because they were too hung up on whether they should be talking to a beta user at all, I finally took the approach of removing every scintilla of security from SNAP so that no logon was required. This was not too risky as I control all of the computers on the network in a home business environment and I have plenty of firewall and NAT protection. This approach worked perfectly although it is ironic that in order to make Vista (Microsoft's best effort to date on security) work, I had to remove all the security from one of my servers.
Needless to say I am not racing out to pay top dollar for Vista and will not shop until the Beta license is close to expiring. I think the days I spent on the phone trying to break through the bureacratic morass which is Microsoft makes me wonder if they have configuration control on Vista, a design and production requirement for any large software development where there is hope for proper repair and maintenance. They stuggled with this issue of real centralized configuration control on XP which is one reason it became such a kluge.
Oh well, size does matter if temporary survival is what counts.
Several months ago I posted a similar problem regarding logging onto a SNAP 1100, which albeit old, still works well with all other computers and operating systems on the network. The problem I had was that when I typed in the logon which SNAP expected to see, Vista placed the name of my computer with a backslash in front of the logon name. The SNAP OS does not tolerate backslashes. After months of trying to solve this problem including futile discussions with MIcrosoft who could not bring themselves to address the problem because they were too hung up on whether they should be talking to a beta user at all, I finally took the approach of removing every scintilla of security from SNAP so that no logon was required. This was not too risky as I control all of the computers on the network in a home business environment and I have plenty of firewall and NAT protection. This approach worked perfectly although it is ironic that in order to make Vista (Microsoft's best effort to date on security) work, I had to remove all the security from one of my servers.
Needless to say I am not racing out to pay top dollar for Vista and will not shop until the Beta license is close to expiring. I think the days I spent on the phone trying to break through the bureacratic morass which is Microsoft makes me wonder if they have configuration control on Vista, a design and production requirement for any large software development where there is hope for proper repair and maintenance. They stuggled with this issue of real centralized configuration control on XP which is one reason it became such a kluge.
Oh well, size does matter if temporary survival is what counts.
Tony
New Member
- Joined
- Feb 7, 2007
- Messages
- 6
U
Unregistered
Guest
- Thread Author
- #7
To prevent the computer name being appended to your username
I have found that if you alter the value of the LM authentication level to 2 in VISTA (see below from MS) then the computername\ is not appended to username for network login in. Still will not get me into my Snap1100 but will let me log on to my linux & xp shares. This info my give someone more knoledgable a clue as to what to try next.
[10. Network security: Lan Manager authentication level a. Background
LAN Manager (LM) authentication is the protocol that is used to authenticate Windows clients for network operations, including domain joins, accessing network resources, and user or computer authentication. The LM authentication level determines which challenge/response authentication protocol is negotiated between the client and the server computers. Specifically, the LM authentication level determines which authentication protocols that the client will try to negotiate or that the server will accept. The value that is set for LmCompatibilityLevel determines which challenge/response authentication protocol is used for network logons. This value affects the level of authentication protocol that clients use, the level of session security negotiated, and the level of authentication accepted by servers, according to the following table:
Possible settings include the following.Value Setting Description
0 Send LM & NTLM responses Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
1 Send LM & NTLM - use NTLMv2 session security if negotiated Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
2 Send NTLM response only Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
3 Send NTLMv2 response only Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
4 Send NTLMv2 response only/refuse LM Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers refuse LM and accept only NTLM and NTLMv2 authentication).
5 Send NTLMv2 response only/refuse LM & NTLM Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (they accept only NTLMv2 authentication).
Note In Windows 95, Windows 98, and Windows 98 Second Edition, the Directory Services Client uses SMB signing when it authenticates with Windows Server 2003 servers by using NTLM authentication. However, these clients do not use SMB signing when they authenticate with these servers by using NTLMv2 authentication. Additionally, Windows 2000 servers do not respond to SMB signing requests from these clients.
Check the LM authentication level You must change the policy on the server to permit NTLM, or you must configure the client computer to support NTLMv2.
If the policy is set to (5) Send NTLMv2 response only\refuse LM & NTLM on the target computer that you want to connect to, you must either lower the setting on that computer or set the security to the same setting that is on the source computer that you are connecting from.
Find the correct location where you can change the LAN manager authentication level to set the client and the server to the same level. After you find the policy that is setting the LAN manager authentication level, if you want to connect to and from computers that are running earlier versions of Windows, lower the value to at least (1) Send LM & NTLM - use NTLM version 2 session security if negotiated.
For example, you may have to look on the domain controller, or you may have to look at the domain controller's policies.
Look on the domain controller
Note You may have to repeat the following procedure on all the domain controllers.1. Click Start, point to Programs, and then click Administrative Tools.
2. Under Local Security Settings, expand Local Policies.
3. Click Security Options.
4. Double-click Network Security: LAN manager authentication level, and then click an appropriate value in the list.
If the Effective Setting and the Local Setting are the same, the policy has been changed at this level. If the settings are different, you must check the domain controller's policy to find out whether the Network Security: LAN manager authentication level setting is defined there. If it is not defined there, look at the domain controller's policies.
Look at the domain controller's policies1. Click Start, point to Programs, and then click Administrative Tools.
2. In the Domain Controller Security policy, expand Security Settings, and then expand Local Policies.
3. Click Security Options.
4. Double-click Network Security: LAN manager authentication level, and then click an appropriate value in the list.
Note• You may also have to check policies that are linked at the site level, at the domain level, or at the organizational unit (OU) level to determine where you must configure the LAN manager authentication level.
• If you implement a Group Policy setting as the default domain policy, the policy is applied to all the computers in the domain.
• If you implement a Group Policy setting as the default domain controller's policy, the policy applies only to the servers in the domain controller's OU.
• It is a good idea to set the LAN manager authentication level in the lowest entity of necessary scope in the policy application hierarchy.
Refresh the policy after you make any changes. (If the change is at the local security settings level, the change is immediate. However, you must restart the clients before you test.)
I have found that if you alter the value of the LM authentication level to 2 in VISTA (see below from MS) then the computername\ is not appended to username for network login in. Still will not get me into my Snap1100 but will let me log on to my linux & xp shares. This info my give someone more knoledgable a clue as to what to try next.
[10. Network security: Lan Manager authentication level a. Background
LAN Manager (LM) authentication is the protocol that is used to authenticate Windows clients for network operations, including domain joins, accessing network resources, and user or computer authentication. The LM authentication level determines which challenge/response authentication protocol is negotiated between the client and the server computers. Specifically, the LM authentication level determines which authentication protocols that the client will try to negotiate or that the server will accept. The value that is set for LmCompatibilityLevel determines which challenge/response authentication protocol is used for network logons. This value affects the level of authentication protocol that clients use, the level of session security negotiated, and the level of authentication accepted by servers, according to the following table:
Possible settings include the following.Value Setting Description
0 Send LM & NTLM responses Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.
1 Send LM & NTLM - use NTLMv2 session security if negotiated Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
2 Send NTLM response only Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
3 Send NTLMv2 response only Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.
4 Send NTLMv2 response only/refuse LM Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it. Domain controllers refuse LM and accept only NTLM and NTLMv2 authentication).
5 Send NTLMv2 response only/refuse LM & NTLM Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (they accept only NTLMv2 authentication).
Note In Windows 95, Windows 98, and Windows 98 Second Edition, the Directory Services Client uses SMB signing when it authenticates with Windows Server 2003 servers by using NTLM authentication. However, these clients do not use SMB signing when they authenticate with these servers by using NTLMv2 authentication. Additionally, Windows 2000 servers do not respond to SMB signing requests from these clients.
Check the LM authentication level You must change the policy on the server to permit NTLM, or you must configure the client computer to support NTLMv2.
If the policy is set to (5) Send NTLMv2 response only\refuse LM & NTLM on the target computer that you want to connect to, you must either lower the setting on that computer or set the security to the same setting that is on the source computer that you are connecting from.
Find the correct location where you can change the LAN manager authentication level to set the client and the server to the same level. After you find the policy that is setting the LAN manager authentication level, if you want to connect to and from computers that are running earlier versions of Windows, lower the value to at least (1) Send LM & NTLM - use NTLM version 2 session security if negotiated.
For example, you may have to look on the domain controller, or you may have to look at the domain controller's policies.
Look on the domain controller
Note You may have to repeat the following procedure on all the domain controllers.1. Click Start, point to Programs, and then click Administrative Tools.
2. Under Local Security Settings, expand Local Policies.
3. Click Security Options.
4. Double-click Network Security: LAN manager authentication level, and then click an appropriate value in the list.
If the Effective Setting and the Local Setting are the same, the policy has been changed at this level. If the settings are different, you must check the domain controller's policy to find out whether the Network Security: LAN manager authentication level setting is defined there. If it is not defined there, look at the domain controller's policies.
Look at the domain controller's policies1. Click Start, point to Programs, and then click Administrative Tools.
2. In the Domain Controller Security policy, expand Security Settings, and then expand Local Policies.
3. Click Security Options.
4. Double-click Network Security: LAN manager authentication level, and then click an appropriate value in the list.
Note• You may also have to check policies that are linked at the site level, at the domain level, or at the organizational unit (OU) level to determine where you must configure the LAN manager authentication level.
• If you implement a Group Policy setting as the default domain policy, the policy is applied to all the computers in the domain.
• If you implement a Group Policy setting as the default domain controller's policy, the policy applies only to the servers in the domain controller's OU.
• It is a good idea to set the LAN manager authentication level in the lowest entity of necessary scope in the policy application hierarchy.
Refresh the policy after you make any changes. (If the change is at the local security settings level, the change is immediate. However, you must restart the clients before you test.)
Tony
New Member
- Joined
- Feb 7, 2007
- Messages
- 6
That is great information... I was able to connect to a local SNAP account by setting that LAN Manager setting to Send LM & NTLM: Use NTLMv2 if negotiated in my local policy. Still not working with domain logins, but this is a great step forward for business that are stuck with these unsupported SNAP server. Local accounts could potentially be created for each user.
If you want to login to your SNAP Server, try using <SNAP_SERVER_NAME>\<Local Account Name> with the setting above.
If you want to login to your SNAP Server, try using <SNAP_SERVER_NAME>\<Local Account Name> with the setting above.
I spent hours on this... and this worked for me, as well. I have a trusty SNAP Server 2000 series and *just* bought a Buffalo TeraStation to replace it. I haven't even opened the package and thought I would Google one more time for a Vista/SNAP server solution. I'll be taking the TeraStation back tomorrow. I was concerned about it, anyway, based on the reviews I have seen. Thanks for the research...I'll try to spread this link to others.
Michael
Michael
I
Ian D
Guest
- Thread Author
- #10
We have a Snap Server 1100 on a workgroup at work and I spent hours trying to fix the "\" appending in front of the username until I found this thread.
For others out there in the same position as me here is a quick step by step guide on how to modify Vista and fix the backslash problem.
1) Click Start
2) Click Control Panel (not classic view)
3) Click System & Maintenance
4) Click Administrative Tools
5) Double Click Local Security Policy
6) On the left pane, click to expand Local Policies
7) On the left pane, click on Security Options
8) Now, on the right pane, near the bottom, click on
Network Security LAN Manager Authentication Level
9) On the drop down, change the default setting (NTLMv2 only) to
Send LM & NTLM - use NTLMv2 session if negotiated.
Hope this saves others the hours that I wasted!
For others out there in the same position as me here is a quick step by step guide on how to modify Vista and fix the backslash problem.
1) Click Start
2) Click Control Panel (not classic view)
3) Click System & Maintenance
4) Click Administrative Tools
5) Double Click Local Security Policy
6) On the left pane, click to expand Local Policies
7) On the left pane, click on Security Options
8) Now, on the right pane, near the bottom, click on
Network Security LAN Manager Authentication Level
9) On the drop down, change the default setting (NTLMv2 only) to
Send LM & NTLM - use NTLMv2 session if negotiated.
Hope this saves others the hours that I wasted!
Tony
New Member
- Joined
- Feb 7, 2007
- Messages
- 6
I also posted step-by-step instructions at my site yesterday:
If you are looking to upgrade to Windows Vista and also have a Snap Server 4100 (or 1100), then there are certain incompatibilities that you should be aware of. First, domain authentication does not work correctly with the SNAP and Vista. Also, you will not be able to access the SNAP Server using local accounts with the Windows Vista default settings. Luckily, with help of the folks over at WinVistaForums, I’ve found a workaround that will allow you to map drives using built-in SNAP accounts. Here are the steps:
For more information and a discussion on this issue, check out this thread on Link Removed. Much of the information used here was obtained from that disucussion.
If you are looking to upgrade to Windows Vista and also have a Snap Server 4100 (or 1100), then there are certain incompatibilities that you should be aware of. First, domain authentication does not work correctly with the SNAP and Vista. Also, you will not be able to access the SNAP Server using local accounts with the Windows Vista default settings. Luckily, with help of the folks over at WinVistaForums, I’ve found a workaround that will allow you to map drives using built-in SNAP accounts. Here are the steps:
- First, check to see if your security policies are set on the domain level if running your machines on a domain. If you are, your will want to set the security policy on the domain controller instead of the local machines.
- On the Vista Machine (or Domain Controller), select Administrative Tools->Local Security Policy.
- Select Local Policies->Security Options->Network security: LAN Manager authentication level.
- Use the setting “Send LM & NTLM - use NTLM v.2 if negotiated”
- Next, you will have to map a drive under the Computer window.
- Under the Map Drive dialog box, select a share using this syntax: \\SNAP_SERVER NAME\SHARE_NAME
- Select the option to enter a user name, and enter the credentials for a local account on the SNAP. Be sure to use the syntax: SNAP_SERVER_NAME\USER_NAME for the username. If you try to only enter a username or a domain account, this will not work.
- You should now have full access to your share from Windows Vista.
For more information and a discussion on this issue, check out this thread on Link Removed. Much of the information used here was obtained from that disucussion.
H
Holzi
Guest
- Thread Author
- #12
Vista, Snapserver and Workgroup
Hi all,
I'm not using domains at my homenetwork, only workgroup.
I get a connect to the server without any problems, when I've changed the security policy to "Send LM & NTLM - use NTLM version 2 session security if negotiated".
At the webinterface I see, that I'm connected with the right user, I get also connected local.
I can copy files and folders, but if I create a new folder, I get new folders till I kill the explorer task. I'm also not able to delete non-empty folders. I can move folders and can delete the files into the folders. But I can only delete folders, if the are empty.
Can somebody confirm this issue by using workgroups instead of domains? Or is this issue also by using domains?
Any idea, how to solve this issue? If I use Totalcommander and its own deleting-method, there is no problem deleting non-empty folders.
I'm using newest snapos.
Regards
Tino
Hi all,
I'm not using domains at my homenetwork, only workgroup.
I get a connect to the server without any problems, when I've changed the security policy to "Send LM & NTLM - use NTLM version 2 session security if negotiated".
At the webinterface I see, that I'm connected with the right user, I get also connected local.
I can copy files and folders, but if I create a new folder, I get new folders till I kill the explorer task. I'm also not able to delete non-empty folders. I can move folders and can delete the files into the folders. But I can only delete folders, if the are empty.
Can somebody confirm this issue by using workgroups instead of domains? Or is this issue also by using domains?
Any idea, how to solve this issue? If I use Totalcommander and its own deleting-method, there is no problem deleting non-empty folders.
I'm using newest snapos.
Regards
Tino
I
Ian D
Guest
- Thread Author
- #13
H
Holzi
Guest
- Thread Author
- #14
Totalcommander works
Hi,
you could have a look at Total Commander - home ... Total Commander
At the moment I'm using this tool for managing my snap servers and also often for browsing my local files, like mc at linux or the old norton commander under dos.
It is fast and easy to use.
It is no perfect sollution, but you can use Vista and your snap without any issue, because total commander has an own deleting-method.
CU
Tino
Hi,
you could have a look at Total Commander - home ... Total Commander
At the moment I'm using this tool for managing my snap servers and also often for browsing my local files, like mc at linux or the old norton commander under dos.
It is fast and easy to use.
It is no perfect sollution, but you can use Vista and your snap without any issue, because total commander has an own deleting-method.
CU
Tino
H
Holzi
Guest
- Thread Author
- #15
one issue solved
I've found out, if you deactivate "NT SMBs", the issue with freezing and ending up with many new folders is gone.
But still not able to delete non-empty folders :-(
If you use the cmd line, you can remove the folders with "rmdir /s <name-of-non-empty-folder"
Please to somebody, who is using snap server within a domain, tell us, if there is also the issue, that deleting of non-empty folders is not possible.
I've found out, if you deactivate "NT SMBs", the issue with freezing and ending up with many new folders is gone.
But still not able to delete non-empty folders :-(
If you use the cmd line, you can remove the folders with "rmdir /s <name-of-non-empty-folder"
Please to somebody, who is using snap server within a domain, tell us, if there is also the issue, that deleting of non-empty folders is not possible.
I
Ian D
Guest
- Thread Author
- #16
Raymond Zachary
New Member
- Joined
- Dec 24, 2006
- Messages
- 26
H
Holzi
Guest
- Thread Author
- #18
I
Ian D
Guest
- Thread Author
- #19
Ray,
If you use one of the Vista home editions you have to disable NTLM v.2 through the registry.
The steps are:
1. Click start
2. Type: regedit
3. Press enter
4. In the left, expand these folders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
5. In the left, click on the folder named: Lsa
6. In the right, double-click "LmCompatibilityLevel"
7. Type the number 1 and press enter
8. Restart your computer
Holzi,
Could you please tell me what you mean by "at the webinterface"?
If you use one of the Vista home editions you have to disable NTLM v.2 through the registry.
The steps are:
1. Click start
2. Type: regedit
3. Press enter
4. In the left, expand these folders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
5. In the left, click on the folder named: Lsa
6. In the right, double-click "LmCompatibilityLevel"
7. Type the number 1 and press enter
8. Restart your computer
Holzi,
Could you please tell me what you mean by "at the webinterface"?
Raymond Zachary
New Member
- Joined
- Dec 24, 2006
- Messages
- 26
Similar threads
- Featured
- Article
- Featured
- Article
- Article