Categories
Uncategorized

FREENAS non-domain bound, authentication on domain bound machine

If you run into an issue with a freenas server trying to do user authentication from a domain based machine, something to check is setting the following registry key to 3. HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

SettingDescriptionRegistry security level
Send LM & NTLM responsesClient devices use LM and NTLM authentication, and they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication.0
Send LM & NTLM – use NTLMv2 session security if negotiatedClient devices use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.1
Send NTLM response onlyClient devices use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.2
Send NTLMv2 response onlyClient devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.3
Send NTLMv2 response only. Refuse LMClient devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM authentication, and they will accept only NTLM and NTLMv2 authentication.4
Send NTLMv2 response only. Refuse LM & NTLMClient devices use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they will accept only NTLMv2 authentication.5

 21 total views,  2 views today

Leave a Reply

Your email address will not be published. Required fields are marked *