On Thu, Feb 06, 2003 at 09:58:17PM +0000, Xyster ! wrote: > From my experience, read below... : > Changing the registry setting either turns on or off NTLMv2. The server can > guess which is being used by the client based on the blob lengths. The > modes documented by MS to allow negotiation do nothing. There is no way in > the NegProt or SessionSetupX to negotiate this.
That's the conclusion I had reached, but I wanted to see if someone could prove me wrong. > NTLMv2 does not provide integrity or confidentiality. For Integrity to > happen the flags2 Security Signature bit needs to be set in the SMB header > when doing a Session Setup. I'm not sure that NTLMv2 needs to be used as > well. My understanding is that the SMB_FLAGS2_SECURITY_SIGNATURE bit indicates that the MAC is in in use, but that MAC signatures are negotiated using the SecurityMode field in the NEGOTIATE_PROTOCOL_RESPONSE. > Confidentiality I've never seen happen. You sent to a public list, so I *hope* you didn't want confidentiality. ;) Thanks! Chris -)----- -- Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)----- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/ -)----- [EMAIL PROTECTED]
