Dave v6 on OS9 and Windows 7

User discussion forum for prior versions of DAVE
Forum rules
This forum is for user discussion of DAVE, and is not intended as a source of technical assistance.
Please note that only the most basic installation or configuration support will be offered by Support Specialists for legacy versions.
Post Reply
mpboden
Posts: 3
Joined: Mon Nov 03, 2014 11:16 pm

Dave v6 on OS9 and Windows 7

Post by mpboden » Mon Nov 03, 2014 11:27 pm

I have a problem that I can't quite figure out, and it has to do with an older version of Dave.

Please don't ask why, but I still have one computer on my network running OS9 on an old G4, and it won't be going away anytime soon. I've had Dave v6 installed on this computer for years and it's allowed me to network with other Windows XP computers and a Linux file server just fine. However, we are currently upgrading to Windows 7, and this is where I'm running into problems. When trying to transfer files from the OS9 computer to a Windows 7 computer, I'm unable to gain access. The Windows 7 computer displays as an available computer on the network within Dave, but it fails to authenticate. Additionally, when trying to access a shared folder on the OS9 computer from the Windows 7 computer, it's visible but fails authentication as well.

Does anyone have any ideas as to why? Will it even work? I see that Thursby states Windows 7 compatibility in 2009, which is way past this version of Dave, but I'd like to get it working if possible. And if not, then I'd like a technical explanation as to why it won't work and what is different in Windows 7 from XP that prevents this functionality.

My current work around is to first transfer the files to a Linux file server from the OS9 computer and then pull from the server to the Windows 7 computer. This works, but not very efficient.

Thank you,

Mike

jim_t
Site Admin
Posts: 344
Joined: Wed Feb 23, 2011 5:10 pm

Re: Dave v6 on OS9 and Windows 7

Post by jim_t » Tue Nov 04, 2014 10:39 am

mpboden,

The short answer is that Microsoft significantly changed how security and authentication is handled between XP and Windows Vista, then again between Vista and Windows 7. As you mentioned, DAVE v6 was already legacy software at that time, and was never tested against Windows 7.

I'm sorry we can't be of more help.

---
Jim

carl
Site Admin
Posts: 185
Joined: Wed Feb 23, 2011 5:04 pm
Location: Arlington, Texas
Contact:

Re: Dave v6 on OS9 and Windows 7

Post by carl » Tue Nov 04, 2014 10:48 am

One option in your situation might be to add Windows XP system in between Windows 7 and DAVE v6. We know that DAVE v6 works with Windows XP well, and I believe that Windows 7 and Windows XP communicate well.

Another option is to search for connecting older Windows clients to Windows 7 -- I might search for solutions for connecting Windows 98 to Windows 7 hoping to find a way to modify Windows 7 to work on an older network.

mpboden
Posts: 3
Joined: Mon Nov 03, 2014 11:16 pm

Re: Dave v6 on OS9 and Windows 7

Post by mpboden » Wed Nov 05, 2014 3:04 pm

Jim & Carl,

Thank you for responding. As a result of both your posts, I kept researching this, and I finally stumbled across something.

My first discovery was when using an application called winfingerprint. I used this application to scan the OS9 computer to display the NetBIOS Shares. The resulting list allowed me to click on a particular share in an attempt to access it. After waiting a few seconds, a File Explorer Window opened giving me access to the share point. So this was an ah-ha moment. This will work.

Long story short...

After a bunch of trial an error I discovered that I was able to access the OS9 shared folder from the Windows 7 computer by using brute force. To clarify, when looking at a list of all available network computers in a File Explorer Window, all I have to do is repeatedly attempt to connect to the OS9 computer. Despite an error message on all but the last attempt indicating that the computer is not accessible and that the network address is invalid, I'm eventually granted access. In practice, I've experienced that this can take anywhere from two to six attempts.

So there you go. Problem solved for now.

Best regards,

Mike

josemedeiros007
Posts: 2
Joined: Sat Jan 30, 2016 3:27 pm

Re: Dave v6 on OS9 and Windows 7

Post by josemedeiros007 » Sat Jan 30, 2016 4:04 pm

I realize that this is an old post, but you didn't use brute force, what you did is authenticate using down level authentication in Windows 7. Unless I am mistaken as it's been over a decade since I studied SMB 1.0 & 2.0 in detail. Lan Mananger uses clear text passwords and is the lowest level of authentication for Server Messaging Block, also called CIFS. Microsoft later implemented NTLMv1, and NLTLMv2 so password authentication would be encrypted. By default Windows will negotiate the lower authentication levels if the highest level doesn't work, unless the local security policy or Active Directory domain security policy has the negotiate lower level authentication protocol settings disabled.

The Unemployed IT Guy!
Former MCSE, MCP+I, and MCT
Jose F. Medeiros
http://www.facebook.com/josemedeiros007
Last edited by josemedeiros007 on Sat Feb 06, 2016 3:55 am, edited 1 time in total.

mpboden
Posts: 3
Joined: Mon Nov 03, 2014 11:16 pm

Re: Dave v6 on OS9 and Windows 7

Post by mpboden » Wed Feb 03, 2016 9:38 pm

josemedeiros007 wrote:I realize that this is an old post, but you didn't use brute force, what you did is authenticate using down level authentication in Windows 7. Unless I am mistaken, Lan mananger uses clear text passwords, is the lowest level of authentication for Server Messaging Block, also called CIFS. Microsoft later implemented NTLMv1, and NLTLMv2 so password authentication would be encrypted. By default Windows will use the lower authentication levels if the highest level doesn't work, unless the local or Active Directory domain security policy has the lower level authentication protocols disabled.

The Unemployed IT Guy!
Former MCSE, MCP+I, and MCT
Jose F. Medeiros
http://www.facebook.com/josemedeiros007
Thanks for the response. It's never too late for me to learn something new. And believe it or not, I'm still using this G4 with OS9. For the curious, the reason why is because I'm using an old application called Trident that is no longer supported and was never updated past OS9. This application is used with a Howtek 4500 film drum scanner. Anyway, there's an alternative application that runs in a Windows environment, but testing shows a slight improvement in image quality when using the older Mac application.

I always suspected this network problem had something to do with NTLM, but I don't know much about it.

So if I may, I have a couple questions.

1. Why isn't the down level authentication automatic? What I mean is that from the Windows 7 computer, I have to click on network OS9 mac with Dave more than once for it to authenticate. Why doesn't it continue down the hierarchy of authentication on its own?

2. Also, is there a way for me to configure the Windows 7 computer to use the correct authentication method for this specific computer?

Thank you.

Mike

jim_t
Site Admin
Posts: 344
Joined: Wed Feb 23, 2011 5:10 pm

Re: Dave v6 on OS9 and Windows 7

Post by jim_t » Thu Feb 04, 2016 3:03 pm

Mike,

Do you have a password on the DAVE Share? In some older versions of DAVE, sharing a folder without a password eliminated the problem of connections from a Windows 7 machine.

---
Jim

josemedeiros007
Posts: 2
Joined: Sat Jan 30, 2016 3:27 pm

Re: Dave v6 on OS9 and Windows 7

Post by josemedeiros007 » Sat Feb 06, 2016 3:35 am

Great question, assuming your Windows 7 machine is not joined to an Active Directory domain, and the systems administrator did not raise the Active Directory Forrest level, you can change your local security policy to accept lan manager & NTLM based authentication, the default is send NTLMv2 response only on Windows 7, but if your using DAVE v6 I am sure it at least supports NTLMv1, although it can still be cracked easily using LoPHT or a similar tool, if it's a work network that's not public, you should be fine.
----------------------------------------------------------------------------------------
Network security: LAN Manager authentication level
Description
This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:

Send LM & NTLM responses: Clients use LM and NTLM authentication and never use NTLMv2 session security; domain controllers accept LM, NTLM, and NTLMv2 authentication.

Send LM & NTLM - use NTLMv2 session security if negotiated: Clients use LM and NTLM authentication and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.

Send NTLM response only: Clients use NTLM authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.

Send NTLMv2 response only: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers accept LM, NTLM, and NTLMv2 authentication.

Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM (accept only NTLM and NTLMv2 authentication).

Send NTLMv2 response only\refuse LM & NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication).
---------------------------------------------------------------------------------------------------------------------------

As for why it won't automatically accept your lower level password, I can only assume that Microsoft expects the authentication hand shake request to time out, and after the failed attempt it tries a lower level authentication level if another request is sent. Changing the default setting to accept LanMan and NTLM should eliminate your time out period and second authentication attempt, at least that's my best guess. Try it and let us know.
https://technet.microsoft.com/en-us/lib ... 52207.aspx

Let me know if you need a you tube video on how to change this, and I' ll look for one for you.

Regards,

Jose F. Medeiros
http://www.facebook.com/josemedeiros007

Post Reply