[jcifs] Issues with lmCompatibility and NTLMfilter

Eric Glass eric.glass at gmail.com
Mon Jan 22 15:24:48 GMT 2007

> > There should be two values under there, NtlmMinClientSec and
> > NtlmMinServerSec; what are the values of these in your environment?
> ntlmminclientsec: 0x20080030
> ntlmminserversec: 0x20080030
> Does this mean that my IE client needs a) Negotiate 128, b) Negotiate NTML2
> key, c) Negotiate Datagram Style, and d) Negotiate Sign flags set?

20080030 =
    20000000 (Negotiate 128)
    00080000 (Negotiate NTLM2 Key)
    00000020 (Negotiate Seal)
    00000010 (Negotiate Sign)

> Is it
> worthwhile hacking the code to get jcifs to return these flags to IE in the
> challenge?

The only one that is "sticky" is NTLM2 key; that will probably get it
to work with your LMCompatibilityLevel = 4 clients, but will break the
LMCompatibilityLevel = 0 ones (NTLM2 session security with NTLMv1
authentication implies support for the NTLM2 session response Type 3
message, which jCIFS will not interpret properly when the client sends

It should be possible for us to support, but haven't had time to sit
down and actually code this.

> I guess the lmCompatibility in the filter does not really matter until I get
> a response.

That is correct.

More information about the jcifs mailing list