[jcifs] Issues with lmCompatibility and NTLMfilter
Eric Glass
eric.glass at gmail.com
Mon Jan 22 15:24:48 GMT 2007
> > There should be two values under there, NtlmMinClientSec and
> > NtlmMinServerSec; what are the values of these in your environment?
>
> ntlmminclientsec: 0x20080030
> ntlmminserversec: 0x20080030
>
> Does this mean that my IE client needs a) Negotiate 128, b) Negotiate NTML2
> key, c) Negotiate Datagram Style, and d) Negotiate Sign flags set?
20080030 =
20000000 (Negotiate 128)
00080000 (Negotiate NTLM2 Key)
00000020 (Negotiate Seal)
00000010 (Negotiate Sign)
> Is it
> worthwhile hacking the code to get jcifs to return these flags to IE in the
> challenge?
>
The only one that is "sticky" is NTLM2 key; that will probably get it
to work with your LMCompatibilityLevel = 4 clients, but will break the
LMCompatibilityLevel = 0 ones (NTLM2 session security with NTLMv1
authentication implies support for the NTLM2 session response Type 3
message, which jCIFS will not interpret properly when the client sends
it).
It should be possible for us to support, but haven't had time to sit
down and actually code this.
>
> I guess the lmCompatibility in the filter does not really matter until I get
> a response.
>
That is correct.
More information about the jcifs
mailing list