3.2.1.1 Global

  • Article

The following ADM elements are globally maintained for an individual client:

Client.SupportDialects: A list of client-supported dialect identifiers in order of preference from least to most preferred.

Client.ConnectionTable: A list of SMB connections to servers, as defined in section 3.2.1.2. The list MUST allow lookups based on Client.Connection.ServerName.

Client.LMAuthenticationPolicy: A state that determines the LAN Manager challenge/response authentication mechanism to be used. The following options are available:

  • Disabled: LAN Manager challenge/response authentication (LM) is disabled.

    The client MUST NOT return either an LM or LMv2 response.

  • V1-Enabled: LAN Manager challenge/response authentication (LM) is enabled.

    If the server supports challenge/response authentication, the client MUST calculate and send the LM response.

  • V2-Enabled: LAN Manager v2 challenge/response authentication (LMv2) is enabled.

    If the server supports challenge/response authentication, the client MUST calculate and send the LMv2 response.

Client.MaxBufferSize: The size, in bytes, of the largest SMB message that the client can receive.

Client.MessageSigningPolicy: A state that determines whether this node signs messages. This parameter has three possible values:

  • Required: Message signing is required. Any connection to a server node that does not use signing MUST be disconnected.

  • Enabled: Message signing is enabled. If the server enables or requires signing, signing MUST be used.<187>

  • Disabled: Message signing is disabled. Message signing MUST NOT be used.

Client.NTLMAuthenticationPolicy: A state that determines the NT LAN Manager challenge/response authentication mechanism to be used. The following options are available:

  • Disabled: NT LAN Manager challenge/response authentication (NTLM) is disabled.

    The client MUST NOT return either an NTLM or NTLMv2 response.

  • V1-Enabled: NT LAN Manager challenge/response authentication (NTLM) is enabled.

    If the server supports challenge/response authentication, the client MUST calculate and send the NTLM response.

  • V2-Enabled: NT LAN Manager v2 challenge/response authentication (NTLMv2) is enabled.

    If the server supports challenge/response authentication, the client MUST calculate and send the NTLMv2 response.

If Client.LMAuthenticationPolicy and Client.NTLMAuthenticationPolicy are both disabled, and Client.PlaintextAuthenticationPolicy is enabled, then the client MAY attempt plaintext authentication even if the server supports challenge/response authentication.

There is no protocol mechanism to allow the client and server to negotiate the challenge/response algorithm to be used. If none of the selected authentication mechanisms matches, authentication MUST fail.

Client.PlaintextAuthenticationPolicy: A state that determines whether plaintext authentication is permitted. The following options are available:

  • Enabled: Plaintext authentication enabled.

    If the server does not support challenge/response authentication, the client MUST authenticate using plaintext passwords. The server indicates support for challenge/response authentication using the 0x02 flag bit of the SecurityMode field that is returned in the SMB_COM_NEGOTIATE response.

  • Disabled: Plaintext authentication disabled.

    If the server does not support challenge/response authentication, the client MUST disconnect from the server.

Client.SessionTimeoutValue: The maximum amount of time, in seconds, that the client will wait for the server to respond to an SMB message.

Client.Capabilities: The set of capabilities, as described in section 1.7 and specified in section 2.2.4.53.1, supported by the client.