NTLMv2 Session Security
Christopher R. Hertel
crh at ubiqx.mn.org
Thu Feb 6 19:24:42 GMT 2003
While trying to document NTLMv2 authentication, I stumbled across
something known as NTLMv2 Session Security. Does anyone know what this
is? I can set
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMCompatibilityLevel
to 1 to "enable" NTLMv2 Session Security, but I'm not sure what it does.
Some sources say that it allows the client and server to 'negotiate' the
use of NTLMv2 challenge/response (how?). Other sources say that it
provides message integrity and confidentiality (how?).
I've played with this enough to know that enabling NTLMv2 Session Security
does not enable SMB packet signing (MAC signing). There's a different set
of registry variables for that. Perhaps they all interact with one
another...
Clues welcome.
Chris -)-----
--
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical
mailing list