My NAS of choice is based on the FreeNAS OS (versions 9.10.2-U5 & 11.0), but I also own a ReadyNAS NV+ V2 NAS, which is still in service. I use it to house archive material, which is rarely accessed.
Printing and file services are one of the early tasks I consider when integrating a new client on the network. Having recently installed Windows Vista in a VM, I checked that I could access shares on both FreeNAS and ReadyNAS. Now when I did the same check with Windows XP in a VM, I could access shares on ReadyNAS, but not on FreeNAS. On the FreeNAS server, I would be presented with a dialog box requesting a username and password.
The plot thickens further. If I do the same checks with Windows 95 in a VM, I’m denied access to both FreeNAS and ReadyNAS. A dialog box requesting a password for IPC$ is presented.
Trying various username/password combinations on XP and different passwords on Windows 95 yielded nothing. What’s going on here?! Turns out it has nothing to do with passwords. To start unravelling the puzzle, let’s start by summarising what we know.
Windows XP and FreeNAS
Windows (SMB) Shares section of FreeNAS documentation provided the first clue…
I surmised from this that FreeNAS had NTLMv1 disabled, but ReadyNAS had it enabled. That would explain why Win XP couldn’t access FreeNAS shares, but could access ReadyNAS shares. What strengthened this theory was this ReadyNAS post from 2012 around ReadyNAS systems available at the time. This Microsoft article also adds weight to the theory. It states that ‘Windows 95 and Windows 98 computers do not support NTLM’. This would explain why the Windows 95 client could not connect to either FreeNAS or ReadyNAS shares.
This bug report confirms the issue and suggests two possible solutions. One solution improves overall network security; the other weakens it. The better solution is to lift XP’s game by forcing it to use NTLMv2 if the server supports it rather than its default NTLMv1. The weaker option is to enable NTLMv1 on FreeNAS.
I tested both options and they work. However, for the latter option, I believe there is a documentation error in FreeNAS. NTLMv1 has to be enabled as a global parameter and not a local parameter. The switch needs to be placed in Auxiliary Parameters under SMB Services.
The screenshot below shows what needs to be altered to get Windows XP to use NTLM2.
Windows 95 and FreeNAS
Again the Windows (SMB) Shares section of FreeNAS documentation provided some clues…
As for Windows XP, these parameters are global rather than local and need to be placed in the Auxiliary Parameters under SMB Services. After restarting SMB services, I still had problems accessing SMB shares from Windows 95. This article provided the answer. The steps specified in the article need to be followed, but the key is to reset the SMB password on FreeNAS. Once I did this, I was able to access FreeNAS shares from Windows 95.
Here is a great article that looks at the relationship between LANMAN, NTLM and SMB.
Windows 95 and ReadyNAS
As indicated in this post, any attempt to add the switches specified above will have the changes overwritten on reboot. Based on this, it is not possible for older Windows clients (pre-NT4.0) to access ReadyNAS shares.
Having trodden the path less well-travelled, this is a summary of what is considered possible albeit less secure when share access is enabled for older clients of Win 9x vintage. I don’t condone the use of LANMAN. It is insecure and should be disabled unless there are compelling reasons to switch it on. The purpose of this post was to explain the puzzling share behaviour initially observed.
Edit: Some time after writing this post, I found a way to enable NTLMV2 on Windows 95. Refer to the post Stronger Authentication for Windows 95 for more information.
- Windows (SMB) Shares
- NTLMv2 or Kerberos support
- Can’t access freenas with Win XP after upgrade
- When Windows 9x/ME Samba Access Fails
- LANMAN and NTLM: Not as complex as you think!
- Need help w/ReadyNAS SAMBA configuration
- Stronger Authentication for Windows 95