This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

NTLM security credentials warning over VPN

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

NTLM security credentials warning over VPN

ayurchenko
Not applicable

‎10-19-2011 11:03 AM

Hi,

We have a couple of Linux Samba servers that can only talk NTLM 0.12 dialect(this is from packet captures).

If I am connecting to a Linux Samba share from the internal LAN my Win 7 client(that supports up to SMB 2.0) negotiates down to NTLM 0.12 and connects using cached credentials.

If I am connecting to a Linux Samba share from client VPN, then Win 7  asks for credentials and presents a warning message:

"The systems detected a possible attempt to compromise security. Please make sure you can contact the server that authenticated you"

After supplying credentials it can access the share fine.

Packet captures in both cases look exactly the same.

If I am accessing a fileshare that supports SMB 2.0 dialect there are no prompts for password when accessing over LAN or VPN.

Why does it present a credentials form when connected over VPN but not over LAN? Has anybody seen this too?

I dont think this is a VPN issue, but maybe people here have seen this before.

Thank you in advance,

0 Likes Likes
2 REPLIES 2

ggarrison
L4 Transporter

‎10-20-2011 07:01 AM

Please make sure that WINS servers are correctly configured for your SAMBA servers. The SMB protocol uses broadcasts which don't traverse through forwarded interfaces unless they are properly bridged, so you need to make sure the windows clients have the correct WINS info.  Also, I recommend verifying DNS settings on the client, and that valid entries exist for the SAMBA servers if they are being accessed by name.

0 Likes Likes

ayurchenko
Not applicable
In response to ggarrison

‎10-20-2011 09:16 AM

Thank you for your reply ggarison,

We went through the troubleshooting exercises, like you described, have not found any faults.

I think the most puzzling is that packet captures in both cases over VPN and over LAN are the same.

0 Likes Likes
  • 2020 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks