Update: It does work! See the note at the bottom of this post.
I’ve had this post in my “drafts” for about a month now. Originally it was titled “How to use Macintosh shares from Windows Vista”, but I was waiting to actually figure out how to get them working. Unfortunately it looks like it’s simply not going to happen.
Here’s the problem. You’ve got a Vista machine, and you try to visit a network share on a Mac OS X machine that has been shared using Windows Sharing. This share worked just fine with your XP machines. However, in Vista, you try to log in and it just spits back, again and again, that your username and password are incorrect.
The problem lies with the fact that in Vista, Microsoft made the gutsy but correct decision to go hardline on security. One of the targets on their list was the weak Lanman and NTLM network authentication schemes that were the default on earlier versions of Windows. The main problem with these authentication schemes is that, if a hacker can get ahold of your password that has been hashed for Lanman or NTLM (and it’s just sitting there on the drive, by the way), they can connect to remote machines using your credentials without even having to know your unhashed password. Pretty scary. So in Vista both of these schemes are disabled in favor of the much more secure NTLMv2 scheme.
There’s a problem with this on the Mac’s side though – it doesn’t support NTLMv2. Rather, the version of smbd that ships with MacOS X, even 10.4, does not support NTLMv2. You should be able to configure your smbd.conf file like Jon Belanger explains in this forum post, but it doesn’t actually work.
The problem with this is that if you do a Google search on why your Mac shares don’t work in Vista anymore, the suggestions that come up all tell you to simply decrease the security of your Vista machine. That’s really not the best idea – it just brings you back to the old insecure XP level. Unfortunately, until Apple ships a new smbd, this isn’t going to be fixed. So far I’ve just mounted my Windows shares from the Mac and it’s good enough, but I hope (and expect) that Apple will fix things in 10.5.
Update (7/16/07): In the comments, Osvaldo points out that by entering your username as “machinename\username”, with machinename being the name of the remote Mac, it works. So for me, logging in from Daedalus (my Vista machine) to Samus (my Mac), I need to type “SAMUS\brh” and it works! Thanks Osvaldo!
Tags: Apple, file sharing, security, Windows Vista
Entries
Hi, I am using vista with optimum security features on (security center is not complaining about anything – UAC is on) and I managed to access my mac shares. To manage, I connect to the mac computer \\machinename and authenticate using ipaddress\loginname as the username and of course the correct password on the password field. Hope this helps.
Interesting quote above – but for the life of me – I can’t get this to work. I’ve tried the \\machinename and trying to authenticate using the ipaddress\loginame as suggested – but nope … no deal. logon unsuccessful is the only thing I get.
Thanks Osvaldo, logged from home vista basic, all machines must have the same workgroup name
THANK YOU OSVALDO!!! your tip was the ONLY ONE I COULD FIND THAT WORKS!!!
XX.XXX.XXX.X.X\[username]
[password]
worked great!
on the Vista Computer, edit the local polisy using gpedit.msc computer config>>windows settings>>security settings>>local policy>>security options>>Network Security:LanMan authentication level Send LM and NTLM, NTLMv2 if negotiated. This worked for me. The default setting required NTLMv2, which osx 10.3 did not like!
Andy, that’s bad advice. You shouldn’t compromise security when you don’t have to.
Hi, brh
I follow your way by adding the computer name of the Mac on the popped window when ask for the username/password, it still does not work for me from Vista home, it works perfect from XP pc. What else I might miss out?
Thanks,
I realize this is a really old post, but it’s one of the first that comes up in Google for accessing Mac files from Vista, and I think it’s important to spell out the details of Osvaldo’s directions. As others have posted above, you may try his directions as I did and still get a password error. I believe the key is that you have to write out the MACHINENAME in all caps. So the “username” you give Vista should look like this: MACHINENAME\username (be sure to use a *back*slash, not a forward slash!). Observant readers will notice that SAMUS is in all caps in the post update, but I suspect most will not catch this.
i am a tech a support specialist of linksys and i am trying to find answers about this one…i can ping the mac using the vista and the other way around. When i access the mac using the vista \\ip ad of the mac\short username of mac and it is asking fo a username/password and if we will use the password of the client [user account password] it will display error: log on unsuccessful pls check the username/password if correct. we both know [client] that the pasword is really correct because we were able to edit the account using the password. I know this is beyond linksys support but i am just curious…pls help.
BRH,
Andy’s advise is spot on, and does not compromise the security of the machine.
To resolve this issue quickly and painlessly, from the Windows Client do as follows:
1. Start -> Run
2. gpedit.msc
3. Computer Config
4. Windows Settings
5. Security Settings
6. Local Policy
7. Security Options
8. Network Security – Lan Manager Authentication Level
9. Send Lan Manager and NTLM. NTLMv2 if negotiated.
Works perfectly.