[jcifs] ntlmv2

Christopher R. Hertel crh at ubiqx.mn.org
Wed Dec 1 19:57:19 GMT 2004 

Doing an upper-case conversion is probably the correct thing in this case.

The Samba client tools always convert to upper-case (if I recall the
source correctly, this is in the NBT name handling code).  This isn't
necessarily a good idea, since Microsoft and others have introduced
lower-case and mixed-case names.  I suspect that the programs that do this
are dealing directly with the NetBIOS API, and not going through 
intermediate layers that would do the up-case conversion for them.

The upshot is that I had to write my own tools in order to work with these 
names.  Old IBM docs say that the names must be all upper-case, but it 
becomes a theory vs. practice issue.

There are also other programs out there that register names with a <20> 
suffix byte.  Ick.

Chris -)-----

On Wed, Dec 01, 2004 at 01:54:21PM -0500, Michael B Allen wrote:
> On Wed, 1 Dec 2004 10:43:24 -0800
> "O'Rourke, James" <jorourke at rsasecurity.com> wrote:
> 
> > I'm am seeing an issue whereby when I force NTLMv2 on jcifs, domain
> > controllers and the client (IE), authentication fails when I try to
> > enter the domain name in lowercase. It succeeds when I enter it in upper
> > case. Essentially the configuration is as follows:
> >  
> > client connects via IE to our servers which essentially proxy the NTLMv2
> > handshake for domain controllers. We talk to the domain controllers
> > through jcifs.
> >  
> > Any suggestions would be of help.
> 
> Oh, crud I forgot about this. Someone reported that the fix is to add
> toUpperCase() in src/jcifs/ntlmssp/Type3Message.java:
> 
> --- src.0/jcifs/ntlmssp/Type3Message.java       Wed Dec  1 13:50:22 2004
> +++ src/jcifs/ntlmssp/Type3Message.java Wed Dec  1 13:49:38 2004
> @@ -325,7 +325,7 @@
>              byte[] domain = null;
>              if (domainName != null && domainName.length() != 0) {
>                  domain = unicode ?
> -                        domainName.getBytes("UnicodeLittleUnmarked") :
> +                       
> domainName.toUpperCase().getBytes("UnicodeLittleUnmarked") :
>                                  domainName.toUpperCase().getBytes(oem);
>              }
>              int domainLength = (domain != null) ? domain.length : 0;
> 
> BTW: We do not support NTLMv2 but if you choose lmCompatibility of 3 it
> will negotiate LMv2.
> 
> I'll wait a few days to make sure there are no suprises in the 1.1.3 fix
> and do another release. Maybe you can patch a jar yourself for a while.
> 
> Mike
> 
> -- 
> Greedo shoots first? Not in my Star Wars.

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the jcifs mailing list