[jcifs] NTLMv2 support

Christopher R. Hertel crh at ubiqx.mn.org
Sun Sep 28 06:28:28 EST 2003

Eric wrote:
> > Thanks for your reply. It helped me understand the issue better. One
> > question related to LMv2 and pass through authentication. You mentioned that
> > LMv2 without NTLMv2 might work only in pass through authentication. We use
> > jCIFS to validate a user credentials against a domain server. It seems that
> > we won't be doing pass through authentication in such a scenario. So, we may
> > see issues authenticating users in such cases ?
> >
> Possibly, but the easiest thing would just be to try it out and see what
> happens.  Whatever the outcome, it should be consistent and repeatable
> (i.e., problems wouldn't be intermittent, it would either work or not).
>   It may depend on whether you are authenticating directly against the
> domain controller, or whether a NETLOGON authentication channel is
> involved.  If you've got things working with NTLMv1, just set
> "jcifs.smb.lmCompatibility" to "3" to test LMv2.  If it works, you can
> be pretty comfortable it will work with similar accounts.  The issues I
> dimly recall may have just been back when I was testing NTLMv2; LMv2 may
> work properly in all scenarios.

I think that LMv2 should work for authentication.  I *believe* that the
extra data used by and contained in the NTLMv2 response are significant when
doing message signing, which starts up after the authentication step.  In
other words, you probably don't have to worry about NTLMv2 unless you are
actually trying to start an SMB session.

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the jcifs mailing list