NTLMv2 Session Security
Christopher R. Hertel
crh at ubiqx.mn.org
Thu Feb 6 22:43:39 GMT 2003
On Thu, Feb 06, 2003 at 09:58:17PM +0000, Xyster ! wrote:
> From my experience, read below...
> Changing the registry setting either turns on or off NTLMv2. The server can
> guess which is being used by the client based on the blob lengths. The
> modes documented by MS to allow negotiation do nothing. There is no way in
> the NegProt or SessionSetupX to negotiate this.
That's the conclusion I had reached, but I wanted to see if someone could
prove me wrong.
> NTLMv2 does not provide integrity or confidentiality. For Integrity to
> happen the flags2 Security Signature bit needs to be set in the SMB header
> when doing a Session Setup. I'm not sure that NTLMv2 needs to be used as
My understanding is that the SMB_FLAGS2_SECURITY_SIGNATURE bit indicates
that the MAC is in in use, but that MAC signatures are negotiated using
the SecurityMode field in the NEGOTIATE_PROTOCOL_RESPONSE.
> Confidentiality I've never seen happen.
You sent to a public list, so I *hope* you didn't want confidentiality.
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical