Synology DSM 7.0 and Windows Server NTLM

Jakub Żylak 6 Reputation points
2022-02-10T19:47:36.66+00:00

Hi,

As far as I know, in DSM 7.0 only NTLMv2 is supported by default.

I have Windows Server 2012 with the Local Security Policy setting Network security: LAN Manager authentication level set to Send NTLM response only.

Here is the Microsoft explanation: Client devices use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level

My question is: why can't I connect to Synology using SMB if Synology DSM 7.0 is a server with NTLMv2 support and Windows Server 2012 should use NTLMv2 session security if the server supports it, because the Windows Server 2012 Local Security Policy setting Network security: LAN Manager authentication level is set to Send NTLM response only (according to the Microsoft explanation: Client devices use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it)?

When I enable NTLMv1 authentication in Synology DSM 7.0 SMB settings, everything works fine.


2 answers

  1. Limitless Technology 39,861 Reputation points
    2022-02-14T16:27:25.363+00:00

    Hello @Jakub Żylak

    For certain applications you will need to set the policy to "Send NTLMv2 response only. Refuse LM & NTLM" for the security policy "Network security: LAN Manager authentication level" in Local Security Settings > Local Policies > Security Options.

    At the same time, third-party applications will also have specific settings to transmit only using NTLMv1 or not, for which I would recommend you to prompt your question or contact the software manufacturer (Synology) for assistance.

    Hope this helps with your query,

    --
    --If the reply is helpful, please Upvote and Accept as answer--
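
A way to check the client side of the policy discussed above, as an added example that is not part of the original thread: it reads the registry value behind "Network security: LAN Manager authentication level" and reports whether the client sends an NTLMv2 response. The function name `Get-NtlmClientPosture` is hypothetical, and the fallback to level 3 when the value is absent is an assumption based on the default for Windows Server 2008 R2 and later.

```powershell
# Added example: report which NTLM response this Windows client sends and
# whether a server that accepts only NTLMv2 will take it.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Policy names as listed under "Network security: LAN Manager authentication level".
$Levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-NtlmClientPosture {
    param([string]$Path = $LsaKey)
    $prop = Get-ItemProperty -Path $Path -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    # Assumption: with no value set, the OS default applies (level 3 on
    # Windows Server 2008 R2 and later).
    $level = if ($null -ne $prop) { [int]$prop.LmCompatibilityLevel } else { 3 }
    [pscustomobject]@{
        Level               = $level
        Policy              = $Levels[$level]
        ExplicitlySet       = ($null -ne $prop)
        # Levels 0-2 authenticate with NTLMv1 (or LM). "NTLMv2 session security"
        # at those levels does not change that: the authentication is still
        # NTLMv1, as the Microsoft text quoted in the question says.
        SendsNtlmV2Response = ($level -ge 3)
    }
}

$posture = Get-NtlmClientPosture
$posture | Format-List

if (-not $posture.SendsNtlmV2Response) {
    Write-Warning ("Level {0} ({1}) sends an NTLMv1 response; a server that accepts only NTLMv2 will reject the logon." -f $posture.Level, $posture.Policy)
    # Corrected setting, matching the policy named in the answer above.
    # Run elevated; a domain GPO that sets this policy overwrites it on refresh.
    # Set-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -Value 5 -Type DWord
}
```
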


  2. Adolfo Vazquez 0 Reputation points
    2025-04-24T19:54:44.3833333+00:00

    You should try this on your Synology NAS:

    Configure settings for legacy devices

    Warning: Enabling NTLMv1 is insecure and could make your Synology NAS vulnerable to attacks.

    Most legacy devices (e.g., IP cameras, multi-functional printers, multimedia players) only support SMB1 and NTLMv1, and do not allow the customization of NTLM settings. For better security, we recommend replacing legacy devices or contacting the device manufacturers to request support for NTLMv2.

    As a last resort, you can go to DSM > Control Panel > File Services > SMB > Advanced Settings > Others to tick Enable NTLMv1 Authentication. This will lower the security level but allow legacy devices to authenticate via NTLMv1.

    https://kb.synology.com/es-mx/DSM/tutorial/I_cannot_access_shared_folders_from_WinXP_computer
