Frequently, I've had issues with Windows machines accessing OS X Servers just set up with SMB sharing. It seems that the Windows client needs to allow a certain type of authentication to allow the machine to log into the OS X Server, and that setting isn't correct by default. The problem also happens for Linux servers as well, not just Mac OS X Server.
Note that by making these changes, you're making things that much less secure on the Windows side of things by allowing an older, less secure encryption method for authentication. While most of you won't care (because you're just looking for a solution for an in-house server), if you're working with a server which is publicly available (for some crazy reason), then get to know the facts before making these changes.
Here's directions on how to make that change in many of the various flavors of Windows:
Vista Home Premium
- Click start
- Search: regedit
- Press enter
- In the left, expand these folders: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\"
- In the left, click on the folder named "Lsa"
- In the right, double-click "LmCompatibilityLevel"
- Type the number 1 and press enter
- Restart your computer
Vista Non-Home Premium
- Click Start
- Click Control Panel (not classic view)
- Click System & Maintenance
- Click Administrative Tools
- Double Click Local Security Policy
- On the left pane, click to expand Local Policies
- On the left pane, click on Security Options
- Now, on the right pane, near the bottom, click on Network Security LAN Manager Authentication Level
- On the drop down, change the default setting (NTLMv2 only) to Send LM & NTLM - use NTLMv2 session if negotiated.
Windows XP Pro
- Select the "Start Menu" and then select "Control Panel".
- If the Windows Control Panel on your computer is in Category View, select "Performance and Maintenance"... then select "Administrative Tools"...
- If the Windows Control Panel on your computer is in Classic View, select "Administrative Tools".
- Select the "Local Security Policy".
- In the left hand window, drill down to "Security Settings\Local Policies\Security Options". In the right hand window, double-click the "Network security: LAN Manager authentication level" setting.
- You will be presented with a dialog box, choose the "Send LM & NTLM - use NTLMv2 sessions security if negotiated" option, then click the "Apply" button.
Windows XP Home
- Select the "Start Menu" and then select "Run...".
- In the "Run..." dialog box, type regedt32, then click the OK button to open the Registry Editor.
- In the left hand window, expand "HKEY_LOCAL_MACHINE".
- In the left hand window, expand "SYSTEM".
- In the left hand window, expand "CurrentControlSet".
- In the left hand window, expand "Control".
- In the left hand window, expand "Lsa".
- In the right hand window, double-click the "lmcompatibilitylevel" setting.
- You will be presented with the "Edit DWORD Value" dialog box.
- In the Edit DWORD Value dialog box, change the Value data: text from "0" to "1", make sure that "Hexadecimal" radio button is chosen for the Base section, and then click the OK button
- In the right hand window, the "lmcompatibilitylevel" setting should reflect the new setting change.
- Please restart your computer.
Windows 7 Ultimate
- In the Windows 7 start button, type "secpol.msc"
- Expand "Local Policies" and select "Security Options."
- Locate "Network Security: LAN Manager Authentication Level" in the list and double-click it.
- Change the setting from "Send NTMLv2 response only" to "Send LM & NTLM - use NTLMv2 sessions security if negotiated."
- Hit OK.
- Locate "Network Security: Minimum session security for NTLM SSP Based (including secure RPC) Clients."
- Change the setting from "require 128 bit" to unchecked (No Minimum).
- Hit OK.
If anyone has experience with other flavors of windows, please let us know and we'll add the instructions to this list.
