FacetWin Logo  
 
 FacetCorp
 

Connecting from Windows 2003

Requirements:

You must be using FacetWin Version 3.1.g (Build 448) or later, This contains the latest improvements for working with Windows 2000 and XP and 2003.  If you must upgrade, do so to the current FacetWin release to take advantage of latest improvements and optimizations.

The Problem:

Many FacetWin users find that upgrading to Windows 2003 will cause problems with SMB connections both to and from the UNIX server.  SMB connections to the UNIX server include mapping a drive from a PC to the UNIX server or browsing the shares.  The first section below covers these issues.

If you are have problems with remote printers, then skip to the last section which covers problems with SMB connections from the UNIX server to Windows 2003.

SMB connections to the UNIX server:

Trusted server and RHOST security should work for Windows 2003 as it normally does with Windows 2000 or XP, which means that if you've chosen NT or RHOST security for FacetWin, no special changes need to be made to the Windows-side to connect to the UNIX server.

Plain text password connections must be enabled to connect to the UNIX server if the UNIX security method was chosen for FacetWin.

If LANMAN security method was chosen, then Windows 2003 Lan Manager authentication level must be set to "Send LM & NTLM..."

To enable plain text password connections on Windows 2003:

This is only necessary if using the UNIX security method for File & Print services on the UNIX server. 
      Administrative Tools
         Local Security Policy
            Local Policies
               Security Options
                  Microsoft network client: Send unencrypted passwords to third-party SMB servers: Enabled
Apply change and then reboot Windows 2003.

Setting Lan Manager Authentication on Windows 2003:

Lan Manager authentication level must be changed to use LANMAN security.  If the LANMAN security method was chosen for FacetWin, then Windows 2003 PCs must have the Lan Manager authentication level set to "Send LM & NTLM..." to connect to shares on the UNIX server.  To change the LANMAN security level on Windows 2003: 
      Administrative Tools
         Local Security Policy
            Local Policies
               Security Options
                  Network security: Lan Manager authentication level:
                     Send LM & NTLM responses
               or
                     Send LM & NTLM - use NTLMv2 session security if negotiated
Apply change and then reboot Windows 2003.

SMB connections to Windows 2003:

Remote printing no longer works "out of the box" with Windows 2003.  A change needs to be made to allow connections from the UNIX server to the shared printer.  This also applies to connecting to shares with FacetWin's fct_client utility.  The change is to disable digitally signed communications, and to do so: 
      Administrative Tools
         Local Security Policy
            Local Policies
               Security Options
                  Microsoft Network Server: Digitally sign communications (always): Disabled
Apply change and then reboot Windows 2003.
NOTE:  If your Windows 2003 Server is functioning as a domain controller, you will not see a Local Security Policy under Administrative Tools.  Instead, you will see Domain Controller Security and Domain Security Policy.  To affect connections to or from the domain controller select Domain Controller where Local Security Policy is specified above.

You should now be able to connect to FacetWin File & Print services using Windows 2003.  If you have any problems, check the UNIX syslog file for errors and please contact FacetCorp technical support for assistance.