Skip to Main Content
IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Workspace IBM i
Created by Guest
Created on Sep 1, 2016

IBM i NetServer Does Not Currently Support NTLMv2 Session Security

IBM i NetServer Does Not Currently Support NTLMv2 Session Security
ref:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1010528


Mapping netserver share with other cridential when Kerberos is configure is not possible.


Disabling NTLM V2 will have a greater impact on all the application accessed by the clients


Use Case:

We need to use this for production mode.

We cannot change the GPO.


Idea priority Medium
  • Guest
    Reply
    |
    Jan 2, 2018

    The support for this request has now been delivered.

  • Guest
    Reply
    |
    Dec 13, 2017

    IBM has made available PTFs for the QNTC file system that provide this support.

    The QNTC PTFs are as follows:
    IBM i 7.2 PTF: SI66215
    IBM i 7.3 PTF: SI66216

    Additionally, the latest available PTFs for IBM i Netserver are
    IBM i 7.2: MF64413
    IBM i 7.3: MF64414.

    The support for this request has not been delivered.

  • Guest
    Reply
    |
    Nov 20, 2017

    IBM has made available PTFs for IBM i NetServer that provide this support.

    The PTFs are as follows:
    IBM i 7.2 PTFs: MF64295 and MF64297
    IBM i 7.3 PTFs: MF64296 and MF64298

    Note that these need to be applied as DELAYED PTFs.

    In order to provide a full solution, QNTC will be supporting NTLMv2 Session Security also. This request will be updated when that support is available.

  • Guest
    Reply
    |
    Oct 6, 2017

    Hello cos,

    after several Critical malware attacks this year (WannaCry, Petya, ...) we have to remove SMBv1 from our network. Only available access to network shares from workstations is SMBv2 + NTLMv2 Session Security. We are on V7R2. Currently NetServer does not provide this functionality, even after latest PTFs application. This malfunction has critical impact on our applications, which serve data to users via Netserver. Systém i platform is seen as "unsecure" because of this lack.

  • Guest
    Reply
    |
    Sep 21, 2017

    We understand this request.

  • Guest
    Reply
    |
    Aug 18, 2017

    I upgraded from IBM i V7R1, V7R2 to 7.3.

    This doesn't work with Windows7 and Windows 10 NTLMv2 session security.

    Same problem.

    What i can do?

    Did you work on the problem?

    Bes Regards

  • Guest
    Reply
    |
    Jun 1, 2017

    we just upgraded from IBM i V7R1 to 7.3 and with this upgrade Netserver is upgraded to default use of SMB2.
    This doesn't work with Windows7 NTLMv2 session security.

    The solution for this problem is going back to NTLMv1 or SMB1.
    Both are options you do not want to do and are not solutions you expect when upgrading to a new release.
    It looks more like 2 or 3 steps back to unsecure protocols you do not want to use anymore!

  • Guest
    Reply
    |
    Nov 8, 2016

    Our Security team did an analysis and came to the following...

    NTLM V1 risk Review
    November 7, 2016

    Security Recommendations:
    As of January 8, 2013, Microsoft recommends discontinued use of NTLM V1. It is advised to implement the forced use NTLM v2 only.

    Risks associated to use of NTLM v1
    Credential exposure
    Clients who authenticate using this protocol can also send user_ID and password in clear text. If this is captured the credentials can be used to gain access to the system.
    Additionally, NTLM v1 stored passwords locally in hashes that can be used to authenticate without needing to know the original password.

    Brute Force Crack
    NTLM v1 can be brute force cracked quite easily.
    If someone were able to capture NTLM V1 SMB traffic they could use Cain and Abel with Rainbow tables, or rainbowcrack, to crack the password, if the password were less than 7 characters it could be done in less than a day.

    In their opinion, this would be a high to critical vulnerability if scanned, therefore they are recommending that we NOT disable the forced use of NTLMv2 Session Security.

  • Guest
    Reply
    |
    Sep 2, 2016

    Creating a new RFE based on Community RFE #93880 in product IBM i.