An old problem has resurfaced with Linksys NAS devices and Vista, perhaps it occurs with other NAS devices as well. I believe this was fixed in Windows 7, but wanted to post this in case anyone is still experiencing this issue. Your NAS is almost certainly using CIFS, and Vista’s CIFS uses SMB2. By default Vista will only authenticate using NTLMv2, which, although not quite as good as Kerberos, is good in and of itself from a security standpoint, but is bad when trying to talk to your Linksys NAS that probably wants LM/NTLM, aka hashed password that can be cracked.
If you were around when Win95 machines wouldn’t talk to NT servers, this is a very similar problem, if not the exact same problem. What’s scary is we’re not talking about 10 versions later of an authentication protocol that has been improved over the decades. No, we’re talking about the same LM/NTLM that was around back when we discovered fire.
You can tell Vista’s local security policy to talk LM/NTLM like XP does. I would first check with Linksys if there is a firmware update that will allow the NAS to use Kerberos authentication or at least NTLMv2, but if not there are two ways to work around this.
Regedit method:
Though with any registry edit, please take precautions; back up your machine including System State and all, and I am not liable for what this may do to your machine, network or NAS. In fact you can blame it all on the web link I listed at the bottom.
Launch “Registry Editor” (regedit.exe)
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
Create DWORD registry value and name it “LMCompatibilityLevel”
Set its value to 2 (Send NTLM response only) or lower 1/0 (again at your own discretion)
http://support.microsoft.com/kb/239869
Group Policy method:
If you use Group Policy you may want to instead edit the policy rather than the regedit. It should do the same thing. Basically you would run secpol.msc, which opens Vista’s security policy editor.
Then under Local Policies, Security Options, find “Network Security: LAN Manager” authentication level. Once there, change it from “Send NTLMv2 response only” to “Send LM & NTLM — use NTLMv2 session security if negotiated.”
I doubt you’ll have much luck convincing Cisco to upgrade their Linksys NAS’ to Samba version 3.0.22, which will support NTLMv2, but you can try.
You may want to read this article as well:
http://technet.microsoft.com/en-us/magazine/cc160954.aspx
