This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
The support for this request has now been delivered.
IBM has made available PTFs for the QNTC file system that provide this support.
The QNTC PTFs are as follows:
IBM i 7.2 PTF: SI66215
IBM i 7.3 PTF: SI66216
Additionally, the latest available PTFs for IBM i Netserver are
IBM i 7.2: MF64413
IBM i 7.3: MF64414.
The support for this request has not been delivered.
IBM has made available PTFs for IBM i NetServer that provide this support.
The PTFs are as follows:
IBM i 7.2 PTFs: MF64295 and MF64297
IBM i 7.3 PTFs: MF64296 and MF64298
Note that these need to be applied as DELAYED PTFs.
In order to provide a full solution, QNTC will be supporting NTLMv2 Session Security also. This request will be updated when that support is available.
Hello cos,
after several Critical malware attacks this year (WannaCry, Petya, ...) we have to remove SMBv1 from our network. Only available access to network shares from workstations is SMBv2 + NTLMv2 Session Security. We are on V7R2. Currently NetServer does not provide this functionality, even after latest PTFs application. This malfunction has critical impact on our applications, which serve data to users via Netserver. Systém i platform is seen as "unsecure" because of this lack.
We understand this request.
I upgraded from IBM i V7R1, V7R2 to 7.3.
This doesn't work with Windows7 and Windows 10 NTLMv2 session security.
Same problem.
What i can do?
Did you work on the problem?
Bes Regards
we just upgraded from IBM i V7R1 to 7.3 and with this upgrade Netserver is upgraded to default use of SMB2.
This doesn't work with Windows7 NTLMv2 session security.
The solution for this problem is going back to NTLMv1 or SMB1.
Both are options you do not want to do and are not solutions you expect when upgrading to a new release.
It looks more like 2 or 3 steps back to unsecure protocols you do not want to use anymore!
Our Security team did an analysis and came to the following...
NTLM V1 risk Review
November 7, 2016
Security Recommendations:
As of January 8, 2013, Microsoft recommends discontinued use of NTLM V1. It is advised to implement the forced use NTLM v2 only.
Risks associated to use of NTLM v1
Credential exposure
Clients who authenticate using this protocol can also send user_ID and password in clear text. If this is captured the credentials can be used to gain access to the system.
Additionally, NTLM v1 stored passwords locally in hashes that can be used to authenticate without needing to know the original password.
Brute Force Crack
NTLM v1 can be brute force cracked quite easily.
If someone were able to capture NTLM V1 SMB traffic they could use Cain and Abel with Rainbow tables, or rainbowcrack, to crack the password, if the password were less than 7 characters it could be done in less than a day.
In their opinion, this would be a high to critical vulnerability if scanned, therefore they are recommending that we NOT disable the forced use of NTLMv2 Session Security.
Creating a new RFE based on Community RFE #93880 in product IBM i.