Windows 7 and Novell Client 2 SP1 (ir2)
Installed Windows7 Enterprise Edition (fully patched). Installed Novell Client 2 SP1 (ir2). After a successful login to eDirectory/NetWare 6.5 (all fully patched), my account in eDirectory becomes intruder locked. After doing some packet capturing and reading the capture file in Wireshark, I am seeing conversations using NCP, SMB and NBSS between my Windows7 pc and the NetWare 6.5 server I am logged into. The NCP conversation makes senses, but I am confused by seeing the SMB and NBSS. The following item is reported in the capture: SMB | Session Setup AndX Response, Error: STATUS_LOGON_FAILURE Further review of the packet capture, I noticed in the item: SMB | Session Setup AndX Request, User: MSAD\smithht; Tree Connect AndX, Path: \\DATA1\DATA$ ..SMB (Server Message Block Protocol) ....Session Setup AndX Request (0x73) ......Unicode Password: ........NTLMv2 Response: On a chance, I set the "Network security: LAN Manager authentication level" to "Send LM & NTLM - use NTLMv2 security if negotiated" like I do when setting up a Vista and Windows7 pc without the Novell Client to connect to the CIFS Service on my NetWare 6.5 server. After which the failed logins from the Windows7 pc with the Novell Client 2 SP1 (ir2) stopped when logged in to my NetWare 6.5 server, WHY? It seems that the Windows7 pc is successfully logging into the NetWare 6.5 server via the Novell Client over NCP, but was failing to login over SMB/NBSS to the CIFS service on the NetWare 6.5 server until the "Network security: LAN Manager authentication level" was set to "Send LM & NTLM - use NTLMv2 security if negotiated". Why does the "Network security: LAN Manager authentication level" setting have to be lowered on a Windows7 pc when the Novell Client is installed? thx
June 30th, 2010 5:06pm

That is because Novell Client only uses the lower NTLM level. If Windows 7 users NTLMv2 in authentication, the Novell Client will not be able to authenticate properly.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2010 10:58am

So if I understand you correctly, that when installing the Novell Client on a Windows7 pc, I have to set the "Network security: LAN Manager authentication level" to "Send LM & NTLM - use NTLMv2 security if negotiated". I've never used Windows Vista, but with WindowsXP when the Novell Client installed, it did not matter what the "Network security: LAN Manager authentication level" was set to. On my WindowsXP pc I've just tested setting it to "Send NTLMv2 Responses only" and did not accumulate any failed login attempts on my Novell eDirectory/NetWare account. But on my Windows7 pc, when "Network security: LAN Manager authentication level" is NOT set to "Send LM & NTLM - use NTLMv2 security if negotiated", I accumulate failed login attempts on my Novell eDirectory/NetWare account. This comparison between WindowsXP and Windows7 appears that it does not matter that the Novell Client is installed on Windows7, because a SMB/NBSS auth will happen anyway on Windows7 and if the "Network security: LAN Manager authentication level" is NOT set to "Send LM & NTLM - use NTLMv2 security if negotiated", the Windows7 pc will fail when attempting to connect over SMB to the same NetWare server that the installed Novell Client is already connected to over an NCP connection. Why is Windows7 making multiple connections (NCP and SMB) connections to the same NetWare server, when WindowsXP only made an NCP connection? thx
July 1st, 2010 4:58pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics