Solved

Accessing a XFS share from Windows 7 Pro...

Posted on 2011-09-08
12
1,201 Views
Last Modified: 2012-05-12
I have a Windows 2003 AD network.

99% of my clients are XP Pro -I am just getting into Win 7 Pro.

I have two "Buffalo" Brand NAS boxes that run an XFS file system; I am told it is some version of Samba, but I am not sure.

The Buffalo boxes are AD aware, and integrate with AD to allow me to use user and group accounts for access control on the NAS.

I had some issues with all my machines and permissions on these NAS boxes. Once these issues were solved, the only machines I have left that are ahving issues are my two Win 7 machines.

Basically, my login script connects my clients to several network locations; three connections are all to the same Buffalo box, connecting to three different shares.

The script stops at the line for the Buffalo NAS, and says the user name or password is incorrect, allowing me to type in in manually.

In short, the only option that works is if the NAS is set to share with no access control set at all... Otherwise, I get a prompt to insert a password, non of which seems to do any good.

How can I access this NAS data from this new fangled Windows 7 thing...

Thanks in advance
0
Comment
Question by:RKoons
  • 6
  • 4
12 Comments
 
LVL 4

Expert Comment

by:klodefactor
ID: 36507614
How old is the Buffalo NAS (and its version of Samba)?  This may be due to Windows 7 forcing the use of NTLMv2 for authentication.

You can change the way Win7 authenticates by editing the registry.  Editing the registry can be dangerous if you make a mistake; be careful.

Both of the following keys should be set to "1":
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
HKLM\System\ControlSet001\Control\Lsa\LmCompatibilityLevel
This tells Win7 to use NTLMv2 only if negotiated, otherwise to fall back to LM and NTLM.  Note that this change affects security on your network, so decide whether the trade-off is worth it to you.

--klodefactor
0
 
LVL 1

Author Comment

by:RKoons
ID: 36522989
The NAS is about 3-5 years old, and I'm not sure which version the NAS OS is. I tried the suggestions and the first one was not set to 1, but the change did not make any difference.

Thanks anyway
0
 
LVL 4

Expert Comment

by:klodefactor
ID: 36523453
I forgot to mention that you have to reboot after making that registry change.  If you haven't already, please do so and try again.

I also forgot to ask whether you'd reviewed the Buffalo NAS logs (and maybe enabled extra debugging output if that feature is available).  Also, have you reviewed the event logs on the AD server?

If that doesn't work and it were me with this problem, I'd probably break out the packet sniffer next.  Are you comfortable doing so?

--klodefactor
0
 
LVL 1

Author Comment

by:RKoons
ID: 36529298
Re-booting did not help...

There are no logs on this NAS...

I don't mind using a snifer, but I don't have alot of experence reading data from one, and I don't have one handy.

Is there something I can download to use for this purpose?
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 36969886
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:RKoons
ID: 36968707
I have come the the conclusion that this version of Buffalo is just too old for a Win 7 device to connect to.

I will have to try another option
0
 
LVL 4

Expert Comment

by:klodefactor
ID: 36969872
I encountered a similar problem just yesterday from my MS Windows 7 PC, connecting to a very old Samba server.  Given that your Buffalo NAS likely uses Samba, read on.

A colleague tells me there are two possible causes.

Can you tell me whether you're trying to access the UNC path (e.g. \\servername\sharename), or are you trying to map a drive letter?  Apparently mapping a drive letter may work even if accessing the UNC path fails.

Otherwise the probable cause is  Microsoft SMB patch that broke access to old Samba servers, if they're configured to use unencrypted passwords.  There were different problems depending on whether the client was Windows XP or Win 7.  Details are at http://support.microsoft.com/kb/2536276, but in summary, try uninstalling security update 2536276, then reboot, then check whether that fixes the problem.  Note that you may have to uninstall the security update twice in a row due to a weird problem described int the KB article.

If removing the security update fixes the problem, you really should re-install the update, then reconfigure the Buffalo NAS to use encrypted passwords.

--klodefactor
0
 
LVL 4

Expert Comment

by:klodefactor
ID: 36969887
Just yesterday I came across a possible cause and workaround for the problem, which I've added to the question.
0
 
LVL 4

Expert Comment

by:klodefactor
ID: 36969913
I forgot to mention that the MS patch on Windows XP systems revealed a bug in Samba, which has since been fixed.

Did you check for updated software for the Buffalo NAS itself?

--klodefactor
0
 
LVL 1

Author Comment

by:RKoons
ID: 37059798
I removed the patch from my test workstation. This did not resolve the issue.

I also checked the firmware on the Buffalo NAS, and the version I am running is current; there are no additional updates.

The login script I am using is written as follows:

"NET USE G: \\Kchgo-bnas01\Photos-AP"  

Finally, This version of Buffalo - Firmware does not have an encrypted option.

I think ultimatly I am going to need to break down and get a newer device in this location.
0
 
LVL 4

Accepted Solution

by:
klodefactor earned 500 total points
ID: 37073216
Reading back over the thread, it's odd that changing the registry key didn't help.  That's exactly what I had to do in a similar environment.

I think you might be right about updating your NAS.  Unless you feel like trying Wireshark, which is the network packet analysis tool I mentioned earlier.  We could at least see whether your Win7 box is still forcing NTLMv2 for some reason.

BTW I don't know the Experts Exchange policy, but sometimes the only solution is "there is no solution".  Please consider that when deciding whether to abandon the question, or to award points :-).

--klodefactor
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

So many times I have seen the words written in a question "if only I could show you" or " I know how hard it is for you since you can't see it" in any zone. That has inspired me to write about this tool in windows 7 called "Problem Steps Recorder…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now