Walcott Consulting

Connecting Windows clients to a macOS server:

8/31/2017

Getting Windows clients to connect to macOS servers is usually fairly straightforward, but there are a number of issues that can cause problems, and can be tricky to track down. For such scenarios, I’ve put together this list of things to try when you're troubleshooting this kind of situation.

First of all, just having the proper URL to connect to the server is important. So if your server is called “MY-SERVER” and has an IP address of 192.168.1.1, and your share is called “MyShare,” you can format the URL in either of the two following ways:

\\192.168.1.1\MyShare
\\MY-SERVER\MyShare

When you try this and your Windows clients can’t connect to the Mac server, here are a few things you can try:


1. Enable NTLM authentication on your macOS server:

Enable NTLM with:
sudo serveradmin settings smb:ntlm auth = "yes"

If you’re using a very old Windows client version, you can also try adding Lanman support, as below:
sudo serveradmin settings smb:lanman auth = "yes"

And you can confirm that the change worked by running:
sudo serveradmin settings smb


2. Add server NetBIOS / workgroup name to authentication credentials:

Depending on the version of Windows you’re using on the client machine, you may need to include the server NetBIOS name (or workgroup name) before the username, separated by a backslash (“\”), as part of the login credentials.

So for username "dave" with NetBIOS name "MY-SERVER", the full "name" in the login window would look like:

MY-SERVER\dave

You can check the NetBIOS name of your server with the "serveradmin settings smb" command, and look for the "smb:NetBIOSName" parameter in the output.


3. Allow both NTLM v1 and v2 authentication on your macOS server:

The versions of the NTLM protocol that a Mac server will allow are specified in the following file:

com.apple.GSS.NTLM.plist

This file is located in "/Library/Preferences".

However, this file doesn't exist by default in a new installation. So in order to enforce this authentication parameter, you need to create the file in that location, with the following contents:
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
      <key>NTLMv1</key>
      <true/>
      <key>NTLMv2</key>
      <true/>
</dict>
</plist>

Reboot the machine, and macOS Server will then accept both NTLMv1 and NTLMv2 authentication.
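
One way to generate and sanity-check the file from step 3 before rebooting, as an added example that is not from the original post: Python's standard plistlib writes the same two keys, and an audit function reports what a given file specifies, including the missing-file and hand-typing mistakes. The function names and the report layout are assumptions made for this example.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Location given in the post; pass a scratch path while testing.
NTLM_PLIST = Path("/Library/Preferences/com.apple.GSS.NTLM.plist")
KEYS = ("NTLMv1", "NTLMv2")


def write_ntlm_plist(path, ntlmv1=True, ntlmv2=True):
    """Write the XML plist shown in the post with the given booleans."""
    with open(path, "wb") as fh:
        plistlib.dump({"NTLMv1": bool(ntlmv1), "NTLMv2": bool(ntlmv2)},
                      fh, fmt=plistlib.FMT_XML)


def audit_ntlm_plist(path=NTLM_PLIST):
    """Report what the plist specifies; state is 'absent', 'invalid' or 'ok'."""
    report = {"state": "ok", "NTLMv1": None, "NTLMv2": None, "findings": []}
    path = Path(path)
    if not path.exists():
        # The post notes the file does not exist on a new installation.
        report["state"] = "absent"
        return report
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except (plistlib.InvalidFileException, ExpatError, ValueError) as exc:
        report["state"] = "invalid"
        report["findings"].append(f"cannot parse plist: {exc}")
        return report
    if not isinstance(data, dict):
        report["state"] = "invalid"
        report["findings"].append("top-level object is not a <dict>")
        return report
    for key in KEYS:
        value = data.get(key)
        if isinstance(value, bool):
            report[key] = value
        elif value is not None:
            # e.g. <string>yes</string> typed instead of <true/>
            report["state"] = "invalid"
            report["findings"].append(f"{key} is {type(value).__name__}, not a boolean")
    if report["NTLMv1"]:
        report["findings"].append("NTLMv1 accepted (legacy, weaker than NTLMv2)")
    return report


if __name__ == "__main__":
    print(audit_ntlm_plist())
```

Writing to "/Library/Preferences" requires root, so generate the file in a scratch directory, audit it, and then copy it into place with sudo.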


4. Enable ACL support:

One other handy tip when you’re connecting Windows clients to a Mac server (this time related to authorization and not authentication) is to enable ACL support for the SMB service (as I mentioned earlier this year in this post), which can ameliorate all kinds of permissions issues that plague only Windows machines. You can do this as follows:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES

Disabling ACLs again (should you need to) can be done like so:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool NO

After doing either one, I’d suggest restarting the SMB service on your server, as follows:

sudo serveradmin stop smb
sudo serveradmin start smb

After running either of the above, you can re-issue the “sudo serveradmin settings smb” command to make sure the changes took.

    Author

    Dave Walcott and Walcott Consulting have been providing Mac consulting services to Bay Area companies since 1998.
