• October 16, 2019, 05:00:08 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 2 [3] 4 5

Author Topic: Vote to reinstate anonymous shares while having access controlled folders  (Read 40173 times)

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717

Yeah....telling consumers to change their NTLM level plain isn't going to happen. As manufacturers you have to figure out how to do it without the consumer tinkering around. While you as a technical person may be perfectly fine with doing these changes, it is not acceptable to many others. Also, unless you're quoting me from some random place, where did I say "no way"?  As stated, the topic has been highlighted and discussed and when we have a solution that is acceptable to us, changes will be made.
Well, the "no way" was in response to this comment.
Quote
Technically speaking, the computer will accept LM for inbound authentication but by default neither Windows Vista nor Windows Server 2008 store the LM hash. Therefore, there is no way for them to authenticate an inbound LM response - typical error message is System error 86 has occurred.
Clearly, this unit is running Linux, and it's managing to deal with Windows 7 in it's native form without any issues.  I can't say what hacks have been made to SAMBA or other parts of the kernel by the manufacturer, but it is working. :)


Is there any way to have this be an option for folks that don't mind configuring this setting? 
« Last Edit: April 12, 2010, 04:53:53 PM by gunrunnerjohn »
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

D-Link Multimedia

  • Poweruser
  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.

Well, the "no way" was in response to this comment.Clearly, this unit is running Linux, and it's managing to deal with Windows 7 in it's native form without any issues.  I can't say what hacks have been made to SAMBA or other parts of the kernel by the manufacturer, but it is working. :)


Is there any way to have this be an option for folks that don't mind configuring this setting? 

That is a Wikipedia quote and I think you took "no way" out of context considering it was only speaking to inbound LM responses.

I am not saying that it is impossible for there to be an option in the future but that is a decision we have to make internally. I am not apposed to anonymous shares but as OS's changes the manufacturers have to keep up with microsofts diabolical plans to make things harder. I will work with the engineers to see what other solutions we can come up with which can make both parties happy.
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717

OK, I probably misunderstood what you were trying to convey there, I can accept that. :) 

I think we're after the same thing, happiness. :D

I also do understand that this is not an "enterprise level" NAS, and we are perhaps expecting too much, but I guess the annoying part was that it used to work and then was removed.  I think at the time I was using XP and Vista, and I had configured Vista to disable NTLMv2 responses for an even older NAS, I didn't realize that I was fixing something on this box as well. :)
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

D-Link Multimedia

  • Poweruser
  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.

I think at the time I was using XP and Vista, and I had configured Vista to disable NTLMv2 responses for an even older NAS, I didn't realize that I was fixing something on this box as well. :)


Yeah that is my main point. Techy users can get around it easily and may already have done it and not realised it. It's the moms and pops getting into the technical scene because they saw an ad and thought it appealed to them that we have to make sure we keep them away from those types of edits if possible.

Believe it or not I am not the bad guy here, I am trying to help!
Logged

Buhric

  • Level 3 Member
  • ***
  • Posts: 191

I think at the time I was using XP and Vista, and I had configured Vista to disable NTLMv2 responses for an even older NAS, I didn't realize that I was fixing something on this box as well. :)

Well Actualy I've been runnign Windows 7 64bit Ultimate since I got the DNS-323 (RC1, now on Retail)
and my PC and Windows XP Pro SP3 on an other one.
And I know that on firmware v1.06 I was able to access "All users" shared folder without needing to enter any credentials. And it would even show up in "Network" (win7) and "My Network Places" (WinXP)

Now (v1.08) if the Windows user that is logged in is not in the DNS-323 user list... it will NOT show up in Network... but I can still access it by entering the IP address (\\192.168.1.200)

And I also checked my default entry for "Network Security: LAN Manager Authentication Level "
And it his at its default value of "Not Defined"...
And this is from a Clean install of Windows 7 Ultimate 64bit from a retail CD
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717

I seemed to recall that as well, but I can't swear for certain.  I thought this was working with Windows 7, maybe I was dreaming.  I know I haven't done anything to the NTLMv2 configuration on either of the Windows 7 boxes.
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

redant2u

  • Level 2 Member
  • **
  • Posts: 37

yes please bring it back.
Logged

jolley

  • Guest

Ditto, please bring it back.
Logged

Stavr0s

  • Level 1 Member
  • *
  • Posts: 22

another yes vote
Logged

vk

  • Level 2 Member
  • **
  • Posts: 25

It would be good to make this configurable through web UI, as far as I understand it's not anything more than a simple Samba configuration change in smb.conf:
change
"security = USER"
to
"secuirty = SHARE"
Logged

xdigital

  • Level 1 Member
  • *
  • Posts: 1

Count me in!!! Even though I know how to make it works but keep explaining and fixing for my friend's are wasting my time. I also returned a few DNS-323 C1 because the fan won't stop and can't wait until the new firmware is released.
Logged

tschmidt

  • Level 1 Member
  • *
  • Posts: 1

Add me to the vote count.  I have some shares that are private that do require username/password, but I have other shares off my DNS-323 that are public and used to not require credentials to map the drive on Windows (7, Vista and XP).  This changed with the 1.08 firmware.  Please give this option back in 1.09.

Tom
Logged

D-Link Multimedia

  • Poweruser
  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.

Add me to the vote count.  I have some shares that are private that do require username/password, but I have other shares off my DNS-323 that are public and used to not require credentials to map the drive on Windows (7, Vista and XP).  This changed with the 1.08 firmware.  Please give this option back in 1.09.

Tom

It wont be in 1.09, thats for sure. It could be a possibility in 1.10 but again these firmwares are not planned to mess with any samba stuff at this time.
Logged

gunrunnerjohn

  • Level 11 Member
  • *
  • Posts: 2717

It wont be in 1.09, thats for sure. It could be a possibility in 1.10 but again these firmwares are not planned to mess with any samba stuff at this time.


A previous poster offered the opinion that this is as simple as changing this option in the SAMBA configuration.

It would be good to make this configurable through web UI, as far as I understand it's not anything more than a simple Samba configuration change in smb.conf:
change
"security = USER"
to
"secuirty = SHARE"


If that's really the case, is it such a big deal to put this on the GUI so it could be selected for those that want the capability and are willing to accept the security issues that have been alluded to?
Logged
Microsoft MVP - Windows Desktop Experience
Remember: Data you don't have two copies of is data you don't care about!
PS: RAID of any level is NOT a second copy.

Rodent

  • Level 3 Member
  • ***
  • Posts: 136

A previous poster offered the opinion that this is as simple as changing this option in the SAMBA configuration.

If that's really the case, is it such a big deal to put this on the GUI so it could be selected for those that want the capability and are willing to accept the security issues that have been alluded to?


I second that.......... ;D

As I mentioned in another post I think, a simple check box would do the trick and let the user decide, document it well and put all the warning you want around it but I think the consumer is yelling for it.

I know I am... ;D

R.
Logged
Pages: 1 2 [3] 4 5