Windows7 - “The specified network password is not correct.” when the password is in fact correct

networking windows windows-7 share samba

I have a samba server setup for some time now. It is a Hardware NAS - which unfortunately does not provide access to the Samba logs. (the exact model of the NAS is called Addonics NAS Adapter )

I also have a Windows Vista and a Windows XP machine - from both I am able to map \\192.168.0.20\Smd with no errors ( net use l: \\192.168.0.20\Smd works, after asking for my username and password).

I also bought a brand new computer, with Windows 7, and when I try to execute the same exact net use command on it - using the exact same username/password pair, I get a "The specified network password is not correct." message. I also tried mapping from the Windows explorer menu, and got the same error.

I synchronized the clocks of the two machines, tried again... and yet the same error persists.

So what is really surprising here is that mapping works from WindowXP and Windows Vista machines, but fails from a Windows7 machine using the exact same command and username/password - Anyone has any idea of what could be causing this or how to solve the problem? Thanks


Dominic D's explanation of what is going on is correct: Vista, Windows7, and Windows2008 r2 use NTLMv2 by default. Older implementations of Samba don't support this and will return a password failure. Fortunately you can tell Vista and Windows 7 (and I presume Server 2k8) to use the v1 protocol if the v2 is not available.

These are my notes for Vista, they worked for Windows 7 Pro 64-bit.

  1. Start -> run -> secpol.msc
  2. Local Policies -> Security Options -> Network Security: LAN Manager Authentication
  3. Change NTVLM2 responses only to LM and NTLM - use NTLMV2 session security if negotiated

If you are stuck with a Vista Home, there is no secpol.msc. Instead:

  1. Start -> Run -> regedit
  2. navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. for LmCompatibilityLevel, change the '3' to a '1'
  4. Rebooting might be necessary at this point.

Windows7 and Windows2008 r2 use NTLMv2 by default. Older implementations of Samba don't support this and will return a password failure.

We had this exact same problem on our NAS.

Two solutions

  1. Bug your NAS vendor to update their implementation (we've just received a patch).
  2. Push a policy change either via GPO or via Local Policy. The setting you need to modify is: Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: LAN Manager authentication level. Set it to Send LM & NTLM - use NTLMv2 session security if negotiated. This gives you the best of both worlds, better security if supported, fall back if not. This should be the default Windows7/Windows2008r2 option IMO, but for whatever reason it isn't.

Related

Prevent SSH connection lost after logging into VPN on server machine
How to configure a custom NAT for use in Amazon VPC
How can I replay Apache access logs back at my servers to do real world load testing?
Understand PAM and NSS
Fastest, surest way to erase a hard drive?
What are the popular (free?) options for application deployment? [closed]
SSH relay server with OpenSSH
Configure OpenLDAP with TLS=required
Zeroing SSD drives
Reverse DNS in a CIDR world
How can I send visitors to the closest server using DNS?
Does fail2ban do Windows?