Why you can’t access Mac file shares from Windows Vista

Update: It does work! See the note at the bottom of this post.

I’ve had this post in my “drafts” for about a month now. Originally it was titled “How to use Macintosh shares from Windows Vista”, but I was waiting to actually figure out how to get them working. Unfortunately it looks like it’s simply not going to happen.

Here’s the problem. You’ve got a Vista machine, and you try to visit a network share on a Mac OS X machine that has been shared using Windows Sharing. This share worked just fine with your XP machines. However, in Vista, you try to log in and it just spits back, again and again, that your username and password are incorrect.

The problem lies with the fact that in Vista, Microsoft made the gutsy but correct decision to go hardline on security. One of the targets on their list was the weak Lanman and NTLM network authentication schemes that were the default on earlier versions of Windows. The main problem with these authentication schemes is that, if a hacker can get ahold of your password that has been hashed for Lanman or NTLM (and it’s just sitting there on the drive, by the way), they can connect to remote machines using your credentials without even having to know your unhashed password. Pretty scary. So in Vista both of these schemes are disabled in favor of the much more secure NTLMv2 scheme.

There’s a problem with this on the Mac’s side, though: it doesn’t support NTLMv2. More precisely, the version of smbd that ships with Mac OS X, even 10.4, does not support NTLMv2. You should be able to configure your smbd.conf file as Jon Belanger explains in this forum post, but it doesn’t actually work.

The problem with this is that if you do a Google search on why your Mac shares don’t work in Vista anymore, the suggestions that come up all tell you to simply decrease the security of your Vista machine. That’s really not the best idea – it just brings you back to the old insecure XP level. Unfortunately, until Apple ships a new smbd, this isn’t going to be fixed. So far I’ve just mounted my Windows shares from the Mac and it’s good enough, but I hope (and expect) that Apple will fix things in 10.5.
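To check whether a Vista machine has already had its NTLM level lowered by one of those suggestions, here is an added example (not from the original post) that reads the relevant registry values and flags a weakened setting. The post does not name the setting; `LmCompatibilityLevel` and `NoLMHash` under the Lsa key are the standard Windows values, the function name `Get-NtlmAuthAudit` is made up for this example, and treating an absent value as level 3 assumes Vista or later.

```powershell
# Added example: audit the NTLM settings on a Vista-or-later machine.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# What each LmCompatibilityLevel value makes this machine send as a client.
$ClientBehaviour = @{
    0 = 'LM and NTLM responses'
    1 = 'LM and NTLM responses (NTLMv2 session security if negotiated)'
    2 = 'NTLM response only'
    3 = 'NTLMv2 response only'
    4 = 'NTLMv2 response only (as a server, refuses LM)'
    5 = 'NTLMv2 response only (as a server, refuses LM and NTLM)'
}

function Get-NtlmAuthAudit {
    param([string]$Path = $LsaKey)

    $lsa = Get-ItemProperty -Path $Path -ErrorAction Stop
    $configured = $lsa.LmCompatibilityLevel   # $null when the value was never written

    # Assumption: Vista or later, where an absent value behaves as level 3.
    $effective = if ($null -ne $configured) { [int]$configured } else { 3 }

    $sends = $ClientBehaviour[$effective]
    if (-not $sends) { $sends = "unrecognised level $effective" }

    [pscustomobject]@{
        ConfiguredLevel      = $configured
        EffectiveLevel       = $effective
        ClientSends          = $sends
        BelowVistaDefault    = ($effective -lt 3)
        # NoLMHash = 1 means LM hashes are not stored at the next password change.
        LmHashStorageOff     = ($lsa.NoLMHash -eq 1)
    }
}

$audit = Get-NtlmAuthAudit
$audit | Format-List

if ($audit.BelowVistaDefault) {
    Write-Warning 'LmCompatibilityLevel is below 3: this machine will answer with LM/NTLM responses.'
}
if (-not $audit.LmHashStorageOff) {
    Write-Warning 'NoLMHash is not set to 1: LM hashes may be stored for local accounts.'
}
```

Run it from an elevated PowerShell prompt on the Vista machine; a `ConfiguredLevel` of 0, 1 or 2 means someone has turned the older schemes back on.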

Update (7/16/07): In the comments, Osvaldo points out that by entering your username as “machinename\username”, with machinename being the name of the remote Mac, it works. So for me, logging in from Daedalus (my Vista machine) to Samus (my Mac), I need to type “SAMUS\brh” and it works! Thanks Osvaldo!