Synology DSM 7.0 and Windows Server NTLM

Jakub Żylak 1 Reputation point
2022-02-10T19:47:36.66+00:00

Hi,

As far as I know, in DSM 7.0 only NTLMv2 is supported by default.

I have Windows Server 2012 with the Local Security Policy setting "Network security: LAN Manager authentication level" set to "Send NTLM response only".

Here is the Microsoft explanation: Client devices use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level

My question is: why can't I connect to Synology using SMB, if Synology DSM 7.0 is a server with NTLMv2 support and Windows Server 2012 should use NTLMv2 session security if the server supports it, because the Windows Server 2012 Local Security Policy setting "Network security: LAN Manager authentication level" is set to "Send NTLM response only" (according to the Microsoft explanation: Client devices use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it)?

When I enable NTLMv1 authentication in Synology DSM 7.0 SMB settings, everything works fine.


1 answer

  1. Limitless Technology 39,336 Reputation points
    2022-02-14T16:27:25.363+00:00

    Hello @Jakub Żylak

    For certain applications you will need to set the policy to "Send NTLMv2 response only. Refuse LM & NTLM" for this security policy "Network security: LAN Manager authentication" in Local Security Settings > Local Policies > Security Options.

    At the same time, 3rd Party applications will also have specific settings to transmit only using NTLMv1 or not, for which I would recommend you to prompt your question or contact the software manufacturer (Synology) for assistance.

    Hope this helps with your query,

    --
    --If the reply is helpful, please Upvote and Accept as answer--
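
Added example, not part of the original thread and not Microsoft's or Synology's code: a parser for NTLMSSP AUTHENTICATE messages (field layout per MS-NLMP) that tells an NTLMv1 response sent with "NTLMv2 session security" apart from an NTLMv2 response, the two things the policy text quoted in the question refers to. The sample messages and helper names are constructed for illustration; `accepted_by_ntlmv2_only_server` is a hypothetical model of a server that, like the DSM 7.0 default described in the question, accepts only NTLMv2.

```python
import struct

# MS-NLMP flag; the Windows policy text calls it "NTLMv2 session security".
NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000

def classify_ntlm_authenticate(msg: bytes) -> str:
    """Classify the response carried in an NTLMSSP AUTHENTICATE (type 3) message."""
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE message")
    lm_len, _, lm_off = struct.unpack_from("<HHI", msg, 12)  # LmChallengeResponseFields
    nt_len, _, nt_off = struct.unpack_from("<HHI", msg, 20)  # NtChallengeResponseFields
    flags = struct.unpack_from("<I", msg, 60)[0]             # NegotiateFlags
    if lm_off + lm_len > len(msg) or nt_off + nt_len > len(msg):
        raise ValueError("response field points outside the message")
    if nt_len > 24:
        return "NTLMv2"  # NTProofStr (16 bytes) followed by the client challenge blob
    if nt_len != 24:
        raise ValueError("unexpected NT response length")
    lm = msg[lm_off:lm_off + lm_len]
    # Extended session security: LM field is an 8-byte client challenge plus 16 zero bytes.
    if flags & NEGOTIATE_EXTENDED_SESSIONSECURITY and lm_len == 24 and lm[8:] == bytes(16):
        return "NTLMv1 with extended session security"
    return "NTLMv1"

def accepted_by_ntlmv2_only_server(kind: str) -> bool:
    """Hypothetical model of a server that accepts only NTLMv2 responses."""
    return kind == "NTLMv2"

def build_sample(lm: bytes, nt: bytes, flags: int) -> bytes:
    """Constructed type 3 message with empty name and session key fields."""
    nt_off = 64 + len(lm)
    fields = struct.pack("<HHI", len(lm), len(lm), 64)
    fields += struct.pack("<HHI", len(nt), len(nt), nt_off)
    fields += struct.pack("<HHI", 0, 0, nt_off + len(nt)) * 4
    return b"NTLMSSP\x00" + struct.pack("<I", 3) + fields + struct.pack("<I", flags) + lm + nt

# Constructed samples, not captured traffic.
SAMPLES = {
    "v1": build_sample(b"\x11" * 24, b"\x22" * 24, 0),
    "v1_ess": build_sample(b"\x33" * 8 + bytes(16), b"\x44" * 24, NEGOTIATE_EXTENDED_SESSIONSECURITY),
    "v2": build_sample(bytes(24), b"\x66" * 16 + b"\x01\x01" + bytes(30), NEGOTIATE_EXTENDED_SESSIONSECURITY),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        kind = classify_ntlm_authenticate(msg)
        print(f"{name}: {kind}, accepted: {accepted_by_ntlmv2_only_server(kind)}")
```

The `v1_ess` sample is the case the quoted policy text describes: the session-security flag is set, but the NT response is still the 24-byte NTLMv1 form.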