From: Frank Monroe (Frank.MonroeMOTIENT.COM)
Date: Sun Apr 29 2001 - 11:59:41 CDT

    I have been attempting to implement NTLMv2 for several years now.
    Unfortunately, due to the many bugs that existed in NT 4.0 (and some
    additional ones that were created under Windows 2000) it has taken me many
    months before I was able to switch my DCs to level 5. When I finally made
    the switch to 5 I found that RAS clients could no longer authenticate to the
    domain. I opened yet another case with Microsoft support and after about
    nine months they responded and admitted to the bug but said they would not be
    fixing it, even in the Whistler time frame. One of the reasons they gave is
    that NTLMv2 is no more secure than NTLMv1 because all authentication methods
    are crackable. When I asked why the RAS server in my entirely Windows 2000
    domain did not use Kerberos, they gave me the same response.

    Has anyone else successfully implemented level 5 or is the addition of
    NTLMv2 and Kerberos really a sham?

    Frank