01.21.09
Windows Vista Will Not Join OSX Server Domain Controller
Ever run across a fix that you can’t really figure out where it should go, but you know it’s important and you’ll probably need to reference it in the future? Simply contribute to the power of Google, of course!
This blog post is for those OSX Server administrators (OSX Leopard Server, 10.5.6 to be specific) who have Windows machines on their network but for some reason simply can’t get them to join the domain. According to the server logs the machine appears to join, and a computer/machine record is added in Workgroup Manager…but Vista itself reports an error.
The problem is with the default Security Policy in Windows Vista. Here’s how you join a Windows Vista machine to an OSX Server Open Directory / SMB Server. Perform the following on all Vista client machines you need added to the domain:
- Click Start.
- Type secpol.msc in the search box and press Enter.
- Windows Vista will display a warning message; click Continue.
- Windows Vista’s Local Security Policy console will appear. Highlight Local Policies.
- Double-click Security Options.
- Scroll down to the Network Security: LAN Manager Authentication Level policy entry and double-click it.
- Change the value from the default setting of Send NTLMv2 Response Only to Send LM & NTLM — Use NTLMv2 Session Security If Negotiated, then click OK.
- Close the Local Security Policy console.
After this is done, you don’t even need to reboot. Simply try and join the domain again and it will automagically work!
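The policy edited in the steps above is stored in the `LmCompatibilityLevel` registry value under the LSA key, so the same setting can be read and applied from a script, which is handy for many clients and for later finding which machines were moved off the NTLMv2-only default. This is an added example, not part of the original post; it assumes PowerShell 2.0 or later is installed on the Vista client and run elevated, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Assumes PowerShell 2.0 or later; function names are hypothetical.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LmCompatibilityLevel'

# Registry value -> policy text shown in secpol.msc.
$PolicyNames = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmAuthLevel {
    $prop = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    # No value set means the OS default applies; the post gives Vista's
    # default as "Send NTLMv2 Response Only", which is level 3.
    $explicit = ($prop -ne $null)
    if ($explicit) { $level = [int]$prop.$ValueName } else { $level = 3 }
    New-Object PSObject -Property @{
        Level         = $level
        Policy        = $PolicyNames[$level]
        ExplicitlySet = $explicit
        SendsLmReply  = ($level -le 1)   # LM responses leave the client
        SendsNtlmV1   = ($level -le 2)   # NTLM (v1) responses leave the client
    }
}

function Set-LmAuthLevel([int]$Level) {
    if (-not $PolicyNames.ContainsKey($Level)) { throw "Level must be 0-5, got $Level" }
    $before = (Get-LmAuthLevel).Level
    New-ItemProperty -Path $LsaKey -Name $ValueName -Value $Level `
        -PropertyType DWord -Force | Out-Null
    Write-Host "LmCompatibilityLevel: $before -> $Level ($($PolicyNames[$Level]))"
}

# Report the current setting; on an unmodified Vista client this shows level 3.
Get-LmAuthLevel | Format-List Level, Policy, ExplicitlySet, SendsLmReply, SendsNtlmV1

# The change described in the steps above (level 1). Uncomment to apply:
# Set-LmAuthLevel 1
# To return to the Vista default later:
# Set-LmAuthLevel 3
```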
I hope this helps, particularly those who stumbled their way here via the Great Goog. This solution was originally found here.
stuckpixel said,
January 24, 2009 at 2:53 am
Yeah – Vista has a few quirky things like that – you’ll see the same problem with a number of products trying to do NTLM authentication – most implementations are running v1.
Not really sure why they didn’t set it to ‘if Negotiated’ to begin with.