If you find this not to be related to ACL’s or share/folder permissions for the repository, your group/local security policy may have strict NTMLv2 settings in which it will deny LM and NTLM requests and only allow NTLMv2 requests.Verify this in both group and local security policy.The setting is named “Network security:LAN Manager authentication level”.If you find either are set to “Send NTLMv2 response only\refuse *” then you will want to continue with the steps outlined in this KB.
Our ESX binary needs to be instructed to use NTLMv2 authentication when connecting to the CIFS repository.The zip file below contains a basic ESX smb.conf file with the needed addition of the “client ntlmv2 auth = yes” (line 48) option to allow us to connect to these strict CIFS shares/systems.This smb.conf file will need to be extracted and placed in /root/.smb/ for our binary to pick it up and use the needed option.
Extract and verify line 48 references the option noted above.
SSH to any ESX hosts that will be used to write to this repository and make the needed .smb directory.
-su – (if not already root)
Transfer the smb.conf file to the location noted above.Some SCP or SFTP applications will not show you hidden directories or files (anything that starts with a .) which means we may need to transfer this to a temporary location and go back to our ssh session and move the file to the hidden .smb folder.
-mv /tmp/smb.conf /root/.smb
This assumes you transferred the file to /tmp initially (best option in case you need to login with a non-root account as root is disabled by default) and that you are already root (su -).
Test the failing task/job again to verify it no longer fails and begins to transfer data.
KB Article: 00000306
Updated: Aug 10, 2009
vRanger Pro DPP
Expires on: 365 days from publish date