[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing
Richard Caper
rcaper at gmail.com
Fri Jun 2 15:57:15 GMT 2006
On 6/2/06, Dane Henry <danehenry at gmail.com> wrote:
> Both of the values are: 0x20080030 (537395248)
>
>
I can almost guarantee this is the issue. This is documented here:
http://technet2.microsoft.com/WindowsServer/en/Library/42986e7d-3468-4000-aed0-2fe1bc94548d1033.mspx
This means your client requires that NTLM negotiates 128-bit
encryption, NTLMv2 session security, confidentiality, and integrity.
Try setting those values to 0x00000000 and try again. If it works,
this is your issue.
In that case you will probably need to change this on all of your
clients. If this is not possible, you can modify the getDefaultFlags
method in jcifs.ntlmssp.Type2Message and add the following at the end
(right before the "return flags"):
flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL |
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_NTLM2;
This will cause jCIFS to indicate to the browser that it supports
these options. However, with the NTLMv2 flag set (0x00080000) you may
still need to tweak another registry setting to actually get this to
work:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMCompatibilityLevel
What is that set to on your machine?
More information about the jcifs
mailing list