« FREE Print Quota Software for AD members ONLY | Main | Troubleshooting Account Lockout Problems »

June 03, 2005

Client-less Novell & Active Directory

One "gotcha" in a recent active directory conversion was that users could no longer clientlessly access the campus novell servers. Two solutions were presented to me, the first by Chuck Yoder:

Change Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network Security: LAN Manger authentication level to "Send NTLM response only" from the AD default "Send NTLMv2 response only/refuse LM/NTLM" to get clientless to work.

DISCLAIMER: The above method will lessen the security of clients using network resources. It is not recommended by the Case ADS Administrator. Only apply to machines requiring clientless novell access!

Please see section #10 of this Microsoft Knowledge Base Article: KB823659: Network security: Lan Manager authentication level for more information.

The second solution is from Ben Hrouda, which involves installing the Novell Client. This method does not require disabling NTLMv2 and is considered the more secure workaround. The instructions on this page must be followed in addition to the normal install:

Client32 for Active Directory Kerberos Interoperability

Posted by djc6 at June 3, 2005 01:58 PM

Trackback Pings

TrackBack URL for this entry:
http://blog.case.edu/djc6/mt-tb.cgi/1479

Comments

Hi Dave,
The fix suggested by Ben was posted on the old "yes" site by me over a year ago (Ben likely read my documentation). I am surprised you haven't happened across it before. It was under the "known issues" section...

Posted by: Aaron Shaffer at June 3, 2005 08:04 PM

BTW, whatever happened to the Yes server? I haven't been able to reach it for awhile.

Also, I want to say thank you to David for this site! It is such a great depository of information.

Posted by: Chuck Yoder at June 10, 2005 01:54 PM

That is a good question about "yes". That machine (and technically, the intellectual property on it) is owned by PerceptIS, and as I am no longer affiliated with them I am not sure what they have done with it...

Posted by: Aaron Shafer at June 10, 2005 02:00 PM