Synology DSM 7.0 and Windows Server NTLM

Occasional Visitor

Hi,

As far as I know, in DSM 7.0 only NTLMv2 is supported by default.

I have Windows Server 2012 with the Local Security Policy Network security: LAN Manager authentication level set to Send NTLM response only.

Here is the Microsoft explanation: Client devices use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network...

My question is: why can't I connect to Synology using SMB, if Synology DSM 7.0 is a server with NTLMv2 support and Windows Server 2012 should use NTLMv2 session security if the server supports it, because the Windows Server 2012 Local Security Policy Network security: LAN Manager authentication level is set to Send NTLM response only (according to the Microsoft explanation: Client devices use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it)?

When I enable NTLMv1 authentication in Synology DSM 7.0 SMB settings, everything works fine.

0 Replies