[jcifs] Re: security policy requires NTLMv2

[pardesh]

AJ Weber <aweber <at> comcast.net> writes:

> 
> I may be mistaken, but I think the latest version 1.3.x supports NTLMv2.
> 
> Michael Allen frequents the list, so I'm sure he will respond soon with a 
> more "authoritative" answer.
> 
> Good Luck,
> AJ
> 
> ----- Original Message ----- 
> From: "pardesh" <pardesh_dsp <at> yahoo.com>
> To: <jcifs <at> lists.samba.org>
> Sent: Friday, January 30, 2009 10:57 AM
> Subject: [jcifs] security policy requires NTLMv2
> 
> > Hi,
> >
> > We have an existing java application using jcifs 1.2.9 for windows based
> > authentication single signon. right now our company security policies are
> > changed and security policy requires NTLMv2. After doing a little search 
> > on
> > this forum found that it wont support ntlmv2.
> >
> > we are looking for an alternative implementation(quicker) which will 
> > support
> > ntlmv2.
> >
> > Thanks in advance for your inputs.
> >
> > Thanks,
> > pardesh
> > 
> 
> 
Thanks AJ!!
I have tried with the latest version and it doesnt work for security policy 
requires NTLMv2.

I know it will not work and looking for an alternative implementation.

Here is the answer from mike regarding this in the previous thread:

Extended security is the "new" way to exchange tokens to
perform authentication which as of 1.3 is the default because it is
required to do NTLMv2. There's still a challenge that can be extracted
from extended security tokens but the SmbSession.getChallenge and
getChallengeForDomain methods are for doing "man-in-the-middle" style
authentication (used by the HTTP Filter to do SSO) which does not work
with NTLMv2 so there's no point in "fixing" those methods to return
the proper challenge as it would be of no use to anyone.

Just set jcifs.lmCompatibility = 0 and
jcifs.smb.client.useExtendedSecurity = false to use NTLMv1. Then it
will work (unless security policy requires NTLMv2).

Mike

thanks,
pardesh