FacetCorp
 

Connecting from Windows Vista


Requirements:

You must be using FacetWin Version 4.0.l (Build 483) or later. This version contains the latest improvements for working with Windows Vista.  
If you must upgrade, upgrade to the current FacetWin release to take advantage of the latest improvements and optimizations.

The Problem:

Many FacetWin users find that upgrading to Windows Vista will cause problems with SMB connections both to and from the UNIX server.  SMB connections to the UNIX server include mapping a drive from a PC to the UNIX server or browsing the shares. 
The section below covers these issues.

If you are having problems with remote printers, skip to the last section, which covers problems with SMB connections from the UNIX server to Windows Vista.

SMB connections to the UNIX server:

Windows Vista only works with the new "pass_security=NTLMSSP" method. This method was created to authenticate client PCs using NTLMv2.
When the NTLMSSP security method is chosen, the Windows Vista LAN Manager authentication level must be set to "Send NTLMv2 responses only".

To quickly implement an alternate authentication method that allows Windows Vista to map a drive or browse the shares on the UNIX/LINUX server, without having to change all of the other Windows PCs on your network to the LAN Manager authentication level "Send NTLMv2 responses only", do the following:

1) Add the following parameter to "/usr/facetwin/facetwin.cfg".

config_is_by_calling_ipaddr=YES

2) Add IP addresses and NTLMSSP directory name in the "/usr/facetwin/callingipaddr" override configuration file.

	#
	# START        END             DIR         COMMENT
	#
	192.168.1.8    192.168.1.8     NTLMSSP     # NTLMSSP (single)
	192.168.1.9    192.168.1.20    NTLMSSP     # NTLMSSP (multiple)

Note: the IP address range can start and end on the same IP address to define an override for a single PC, or it can span many IP addresses to cover multiple PCs.

3) Create the "CALLINGIPADDR" subdirectory.

	mkdir /usr/facetwin/CALLINGIPADDR

4) Create the "NTLMSSP" subdirectory.

	mkdir /usr/facetwin/CALLINGIPADDR/NTLMSSP

5) Add the "pass_security=NTLMSSP" parameter to the override file "/usr/facetwin/CALLINGIPADDR/NTLMSSP/facetwin.cfg".

6) Build the encrypted FacetWin password file "/usr/facetwin/fctpasswd".

	fct_encrypt -b

7) Encrypt the Windows Vista user's password in the FacetWin "/usr/facetwin/fctpasswd" file.

	fct_encrypt   will
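
Before relying on the override file from step 2, it helps to confirm which client addresses actually fall inside an NTLMSSP range and which still use the main configuration. The following is an added example, not FacetCorp code: it parses text in the START/END/DIR layout shown above, reports malformed or conflicting lines, and resolves a client IP to its override directory. The function names are hypothetical, the sample is constructed from the listing in step 2, and "first matching line wins" is an assumption because the page does not state the matching order.

```python
import ipaddress

# Constructed sample in the layout shown on this page (START END DIR COMMENT).
SAMPLE = """\
#
# START        END             DIR         COMMENT
#
192.168.1.8    192.168.1.8     NTLMSSP     # NTLMSSP (single)
192.168.1.9    192.168.1.20    NTLMSSP     # NTLMSSP (multiple)
"""

def parse_overrides(text):
    """Return (entries, problems); entries are (start, end, dir, lineno)."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        if len(fields) != 3:
            problems.append(f"line {lineno}: expected START END DIR")
            continue
        try:
            start = ipaddress.IPv4Address(fields[0])
            end = ipaddress.IPv4Address(fields[1])
        except ipaddress.AddressValueError as exc:
            problems.append(f"line {lineno}: {exc}")
            continue
        if start > end:
            problems.append(f"line {lineno}: START is above END")
            continue
        for s, e, d, n in entries:               # overlapping ranges are ambiguous
            if start <= e and s <= end and d != fields[2]:
                problems.append(f"line {lineno}: overlaps line {n} with a different DIR")
        entries.append((start, end, fields[2], lineno))
    return entries, problems

def override_dir(entries, client_ip):
    """Directory name for client_ip, or None when the main facetwin.cfg applies.
    Assumption: the first matching line wins; the page does not state the order."""
    ip = ipaddress.IPv4Address(client_ip)
    for start, end, directory, _ in entries:
        if start <= ip <= end:
            return directory
    return None

if __name__ == "__main__":
    entries, problems = parse_overrides(SAMPLE)
    for ip in ("192.168.1.8", "192.168.1.15", "192.168.1.21"):
        print(ip, "->", override_dir(entries, ip) or "(no override)")
    print("\n".join(problems) or "no problems found")
```

To audit a live server, pass the contents of "/usr/facetwin/callingipaddr" to parse_overrides() in place of SAMPLE.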

Setting LAN Manager Authentication on Windows Vista:

The LAN Manager authentication level must be changed to use NTLMv2 security.  If the NTLMSSP security method must be chosen for FacetWin, then Windows Vista PCs must have the LAN Manager authentication level set to "Send NTLMv2 responses only" to connect to shares on the UNIX server.  To change the LANMAN security level on Windows Vista:
      Administrative Tools
         Local Security Policy
            Local Policies
               Security Options
                  Network security: LAN Manager authentication level:
                     Send NTLMv2 responses only
Apply the change and then reboot Windows Vista.

SMB connections to Windows Vista:

Remote printing no longer works "out of the box" with Windows Vista.  A change needs to be made to allow connections from the UNIX server to the shared printer.  This also applies to connecting to shares with FacetWin's fct_client utility.  The change is to disable digitally signed communications.  To do so:
      Administrative Tools
         Local Security Policy
            Local Policies
               Security Options
                  Microsoft Network Server: Digitally sign communications (always): Disabled
Apply the change and then reboot Windows Vista.

NOTE:  If your Windows Vista Server is functioning as a domain controller, you will not see a Local Security Policy under Administrative Tools.  Instead, you will see Domain Controller Security and Domain Security Policy.  To affect connections to or from the domain controller, select Domain Controller where Local Security Policy is specified above.

You should now be able to connect to FacetWin File & Print services using Windows Vista.  If you have any problems, check the UNIX syslog file for errors and please contact FacetCorp technical support for assistance.