NTLMv2 Session Security
xyster_ at hotmail.com
Thu Feb 6 21:58:17 GMT 2003
From my experience, read below...
>From: "Christopher R. Hertel" <crh at ubiqx.mn.org>
>To: samba-technical at samba.org
>Subject: NTLMv2 Session Security
>Date: Thu, 6 Feb 2003 13:24:42 -0600
>While trying to document NTLMv2 authentication, I stumbled across
>something known as NTLMv2 Session Security. Does anyone know what this
>is? I can set
>to 1 to "enable" NTLMv2 Session Security, but I'm not sure what it does.
>Some sources say that it allows the client and server to 'negotiate' the
>use of NTLMv2 challenge/response (how?). Other sources say that it
>provides message integrity and confidentiality (how?).
Changing the registry setting either turns on or off NTLMv2. The server can
guess which is being used by the client based on the blob lengths. The modes
documented by MS to allow negotiation do nothing. There is no way in the
NegProt or SessionSetupX to negotiate this.
NTLMv2 does not provide integrity or confidentiality. For Integrity to
happen the flags2 Security Signature bit needs to be set in the SMB header
when doing a Session Setup. I'm not sure that NTLMv2 needs to be used as
Confidentiality I've never seen happen.
>I've played with this enough to know that enabling NTLMv2 Session Security
>does not enable SMB packet signing (MAC signing). There's a different set
>of registry variables for that. Perhaps they all interact with one
>Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
>jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
>ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
>OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
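
The reply above says a server can guess the NTLM version from the response blob lengths and that integrity depends on the Flags2 Security Signature bit. The following is an added example, not code from the post or from Samba, showing that check for auditing which clients still send v1 responses. The function names and sample bytes are constructed for illustration; the 24-byte v1 length, the NTLMv2 blob layout and the 0x0004 Flags2 bit are taken from the NTLM and SMB1 formats rather than from the post.

```python
import struct

SMB_FLAGS2_SECURITY_SIGNATURE = 0x0004  # Flags2 bit requesting SMB signing
V1_LEN = 24            # LM and NTLM (v1) responses are always 24 bytes
V2_FIXED = 16 + 28     # HMAC-MD5 plus the fixed fields of the NTLMv2 blob


def signing_bit_set(smb_header: bytes) -> bool:
    """Return True if Flags2 (offset 10, little-endian) has the signature bit."""
    if len(smb_header) < 12 or smb_header[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 header")
    (flags2,) = struct.unpack_from("<H", smb_header, 10)
    return bool(flags2 & SMB_FLAGS2_SECURITY_SIGNATURE)


def classify_nt_response(nt_response: bytes) -> str:
    """Guess the scheme from the NT (case-sensitive password) response."""
    n = len(nt_response)
    if n == 0:
        return "none"
    if n == V1_LEN:
        return "NTLMv1"
    # An NTLMv2 response is a 16-byte HMAC followed by a variable-length
    # blob whose first two bytes are 0x01 0x01.
    if n >= V2_FIXED and nt_response[16:18] == b"\x01\x01":
        return "NTLMv2"
    return "unknown"


def audit_session_setup(smb_header: bytes, nt_response: bytes) -> dict:
    """Summarise one Session Setup request for a log or report."""
    return {
        "auth": classify_nt_response(nt_response),
        "signing_requested": signing_bit_set(smb_header),
    }


def make_header(flags2: int) -> bytes:
    """Constructed 32-byte SMB1 header for command 0x73 (Session Setup)."""
    return (b"\xffSMB" + b"\x73" + b"\x00" * 4 + b"\x18"
            + struct.pack("<H", flags2) + b"\x00" * 20)


# Constructed sample responses (not captured traffic).
SAMPLE_V1 = b"\xaa" * 24
SAMPLE_V2 = b"\xbb" * 16 + b"\x01\x01\x00\x00" + b"\x00" * 24 + b"\x00" * 4

if __name__ == "__main__":
    print(audit_session_setup(make_header(0x0005), SAMPLE_V2))
    print(audit_session_setup(make_header(0x0001), SAMPLE_V1))
```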