[jcifs] NTLMv2 and jCIFS

Eric Glass eric.glass at gmail.com
Wed Dec 6 18:22:30 GMT 2006


There are some specific scenarios where LMv2 will not work properly;
from what I remember:

1) Signing will not work if authentication is done with a given
account to a host in a different domain (i.e. user is "DOMAINA\user"
and computer is in DOMAINB).

2) There are issues if you are authenticating against a server that is
configured with the "nolmhash" registry key (it apparently will not
pass the LM response through properly, even though the LM hash is
technically not used in the LMv2 response).

3) There can be issues related to the
NtlmMinClientSec/NtlmMinServerSec registry settings (not necessarily
limited to LMv2).

I had done some related work that I keep meaning to backport into
jCIFS; as Vista apparently uses NTLMv2/LMv2 by default this may become
a more common issue anyway.  In the meantime, if the server/DC
requires LMCompatibility >= 3 and jCIFS isn't working you might need
to give the specific error messages etc. to diagnose.


Eric

On 12/6/06, Adis Katkic <d97adka at hotmail.com> wrote:
>
> Hi
>
> I have a problem with jCIFS and NTLMv2.
> I was reading in many places on the Internet about this but I'm still not
> sure if I should give up.
> What I came up with is:
>
> 1. jCIFS can handle LMv2 which is some kind of NTLMv2 but different length
> of blob or something like that.
>
> 2. This means that jCIFS may be used with NTLMv2 if server uses Pass Through
> Authentication?
> Am I right here?
>
> 3. lmCompatibility for NtlmHttpFilter must be set to 3.
>
> However I tried to make it work but it just wouldn't work. I'm not sure if
> my AD uses Pass through authentication but I suspect it doesn't.
> I can log in from a different domain than the server domain and if I understood
> well it does not work with Pass through.
>
> Any ideas how to proceed? Is there some other component out there that could
> help me?
> I found code that Konstantin Kasatkin wrote but I don't know how to use it.
> How about JNDI, are there some components that use JNDI to log in via Active
> Directory?
> In my opinion documentation about this issue is quite little.
>
> I'm thankful for any kind of help.
> Adis Katkic
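
The sketch below is an added illustration, not part of the original thread and not jCIFS code. It shows how an LMv2 response is derived from the NT hash (the LM hash never enters the calculation), why it is always 24 bytes while an NTLMv2 response carries a variable-length blob, and that the domain string is part of the key. The NT hash, challenges, timestamp and function names are constructed for the example, and the blob layout is simplified.

```python
import hashlib
import hmac
import struct

def ntlmv2_hash(nt_hash: bytes, user: str, domain: str) -> bytes:
    # Key shared by LMv2 and NTLMv2: HMAC-MD5(NT hash, UPPER(user) + domain), UTF-16LE
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def lmv2_response(v2_hash: bytes, server_chal: bytes, client_chal: bytes) -> bytes:
    # 16-byte HMAC followed by the 8-byte client challenge: always 24 bytes
    mac = hmac.new(v2_hash, server_chal + client_chal, hashlib.md5).digest()
    return mac + client_chal

def ntlmv2_response(v2_hash: bytes, server_chal: bytes, blob: bytes) -> bytes:
    # Same construction, but over a variable-length blob instead of 8 bytes
    mac = hmac.new(v2_hash, server_chal + blob, hashlib.md5).digest()
    return mac + blob

def make_blob(timestamp: int, client_chal: bytes, nb_domain: str) -> bytes:
    # Simplified blob: signature, reserved, timestamp, client nonce, target info
    name = nb_domain.encode("utf-16-le")
    target_info = struct.pack("<HH", 2, len(name)) + name + struct.pack("<HH", 0, 0)
    return (b"\x01\x01\x00\x00" + b"\x00" * 4 + struct.pack("<Q", timestamp)
            + client_chal + b"\x00" * 4 + target_info + b"\x00" * 4)

def verify_lmv2(v2_hash: bytes, server_chal: bytes, response: bytes) -> bool:
    # Server-side check: recompute from the client challenge in the last 8 bytes
    if len(response) != 24:
        return False
    expected = lmv2_response(v2_hash, server_chal, response[16:])
    return hmac.compare_digest(expected, response)

# Constructed sample values (not derived from any real password or capture)
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
SERVER_CHAL = bytes.fromhex("0123456789abcdef")
CLIENT_CHAL = bytes.fromhex("ffffff0011223344")

KEY_A = ntlmv2_hash(NT_HASH, "user", "DOMAINA")
KEY_B = ntlmv2_hash(NT_HASH, "user", "DOMAINB")  # same account name, other domain string
LMV2 = lmv2_response(KEY_A, SERVER_CHAL, CLIENT_CHAL)
BLOB = make_blob(0x01C7195000000000, CLIENT_CHAL, "DOMAINA")
NTLMV2 = ntlmv2_response(KEY_A, SERVER_CHAL, BLOB)

if __name__ == "__main__":
    print("LMv2   ", len(LMV2), "bytes:", LMV2.hex())
    print("NTLMv2 ", len(NTLMV2), "bytes")
    print("verifies with DOMAINA key:", verify_lmv2(KEY_A, SERVER_CHAL, LMV2))
    print("verifies with DOMAINB key:", verify_lmv2(KEY_B, SERVER_CHAL, LMV2))
```

A verifier that builds the key from a different domain string than the client used rejects the response, so when diagnosing failures it helps to log the exact user and domain strings each side feeds into the hash.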

