Gregory Hildstrom Projects Publications Resume Links Contact About Facebook Youtube Donate

Connect Windows Vista to Fedora 9 Linux Samba

The main difficulty in connecting Vista to Linux Samba shares is with default authentication. Basically, Vista requires a stronger default authentication method than previous versions of Windows: NTLMv2, which is a good thing overall, but it can cause some problems when trying to connect to old versions of Windows or Linux/Samba. There are basically two ways around this: change Vista's authentication setting or change Samba's authentication setting. I made a few changes to my fresh Fedora 9 installation to minimize potential problems: I disabled selinux and iptables.

Change Samba's Default Authentication

Here is my current running configuration in the Windows registry: 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:00000000
"NtlmMinSeverSec"=dword:00000000

Here is my current smb.conf: 
client schannel = Auto
server schannel = Auto
lanman auth = No
ntlm auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
	
[global]
	
	workgroup = Workgroup
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50

	security = user
	passdb backend = tdbsam

	load printers = no
	cups options = raw

#============================ Share Definitions ==============================
	
[homes]
	comment = Home Directories
	browseable = no
	writable = yes
;	valid users = %S
;	valid users = MYDOMAIN\%S
	
# A publicly accessible directory, but read only, except for people in
# the "staff" group
[share]
	comment = Shared Stuff
	path = /sharedfolder
	public = yes
	writable = yes
	printable = no
	write list = +staff

Change Vista's Default Authentication

I also had success with this configuration in the Windows registry: 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:00000000
"NtlmMinSeverSec"=dword:00000000

Here was smb.conf: 
[global]
	
	workgroup = Workgroup
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50

	security = user
	passdb backend = tdbsam

	load printers = no
	cups options = raw

#============================ Share Definitions ==============================
	
[homes]
	comment = Home Directories
	browseable = no
	writable = yes
;	valid users = %S
;	valid users = MYDOMAIN\%S
	
# A publicly accessible directory, but read only, except for people in
# the "staff" group
[share]
	comment = Shared Stuff
	path = /sharedfolder
	public = yes
	writable = yes
	printable = no
	write list = +staff

To connect to this share in Vista, Start->Computer, type \\hostname\share into the address bar, then enter the username and password. This syntax also works when mapping a network drive, but make sure to use the correct username and password for the mapped drive (click "Connect using a different user name") to make sure the association is correct.