[jcifs] Re: NTLM HTTP Filter Does Not Work With SMB Signing
rcaper at gmail.com
Fri Jun 2 19:21:27 GMT 2006
(please reply-all to the list to aid in troubleshooting)
If they are being reset it is probably pushed out via a policy
(likewise with lmcompatibility). Try setting the values, closing
regedit, and going back in to view them.
Not sure why it seems to be working on your box; I can attest that it
does not work with these settings in our environment. here is more
if you make the jcifs patch you would still need to tweak the
lmcompatibility registry (as with lmcompatibility < 3 it uses NTLMv1,
and the flag changes the responses in a way incompatible with jcifs...
"NTLM2 session response" apparently). But with lmcompatibility 3+ it
uses full NTLMv2 with jcifs has LMv2 compatibility with.
Try seeing if you can zero out or delete
NtlmMinClientSec/NtlmMinServerSec on someone else's box and if you are
able to access it.
On 6/2/06, Dane Henry <danehenry at gmail.com> wrote:
> Setting the 2 values to 0 didn't do anything, but I think it should be noted
> that when I restarted the machine, the values were reset to what I
> previously wrote. I re-set them to 0 and did it again, still to no avail.
> Right now, my lmcompatability is set to 1. I've tried modifying that in the
> past only to have it do the same thing that it did to NtlmMinClientSec and
> So should I then modify the getDefaultFlags method in
> Thanks for all your help and quick replies.
> On 6/2/06, Richard Caper <rcaper at gmail.com> wrote:
> > On 6/2/06, Dane Henry <danehenry at gmail.com> wrote:
> > > Both of the values are: 0x20080030 (537395248)
> > >
> > >
> > I can almost guarantee this is the issue. This is documented here:
> > This means your client requires that NTLM negotiates 128-bit
> > encryption, NTLMv2 session security, confidentiality, and integrity.
> > Try setting those values to 0x00000000 and try again. If it works,
> > this is your issue.
> > In that case you will probably need to change this on all of your
> > clients. If this is not possible, you can modify the getDefaultFlags
> > method in jcifs.ntlmssp.Type2Message and add the following at the end
> > (right before the "return flags"):
> > flags |= NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL |
> > NTLMSSP_NEGOTIATE_128 |
> > This will cause jCIFS to indicate to the browser that it supports
> > these options. However, with the NTLMv2 flag set (0x00080000) you may
> > still need to tweak another registry setting to actually get this to
> > work:
> > What is that set to on your machine?
More information about the jcifs