[jcifs] Question About NTLMv2 Session Security
eric.glass at gmail.com
Fri Jul 27 10:47:46 GMT 2007
If the "Negotiate NTLM2 Key" flag is negotiated, the context will be set up
to use the NTLM2 signing & sealing format. This in itself is not directly
relevant to SMB; however, in the case that NTLM2 sign & seal is negotiated,
the client will produce the NTLM2 Session Response in the Type 3 message if
LMCompatibilityLevel is set to 0, 1, or 2. This replaces the normal LM and
NTLM response fields. If LMCompatibilityLevel is set to 3+, the NTLMv2 and
LMv2 responses are used.
Basically, the "Negotiate NTLM2 Key" flag can be negotiated independent of
the LMCompatibilityLevel registry setting. The flag is more relevant to the
NtlmMinClientSec and NtlmMinServerSec settings; these can be configured to
prohibit connections from hosts that do *not* negotiate NTLM2 sign & seal.
On 7/27/07, tetsu.soh at nts.ricoh.co.jp <tetsu.soh at nts.ricoh.co.jp> wrote:
> Thanks for your answer.
> And I did more homework, and IMHO, NTLM2 = NTLMv2, at least in this
> In the document which I referred to (
> the author wrote that "In all levels, NTLM2 session security is supported
> and negotiated when available
> (most available documentation indicates that NTLM2 session security is
> only enabled on levels 1 and
> above, but it is seen in practice with Level 0 as well). "
> I think the author has already explained all.
> Further more, I found in the samba mailing list, the author had talked
> on this problem.
> Anyway, I decide to follow the MS's document, because it's simpler.
> Thanks again.
> "Caldarale, Charles R" <Chuck.Caldarale at unisys.com> wrote on 2007/07/27
> > > From: On Behalf Of tetsu.soh at nts.ricoh.co.jp
> > > Subject: [jcifs] Question About NTLMv2 Session Security
> > >
> > > But another document,
> > > http://davenport.sourceforge.net/ntlm.html, told me
> > > that NTLM2 session response can be used in Levels 0, 1, and 2.
> > Don't confuse NTLM2 with NTLMv2 - different animals.
> > - Chuck
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> > MATERIAL and is thus for use only by the intended recipient. If you
> > received this in error, please contact the sender and delete the e-mail
> > and its attachments from all computers.
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs