powered by Jive Software

NTLM Authentication

Hi,

I’m doing auditing on our security and I’ve noticed that OpenFire seems to authenticate against our domain controller using NTLMv1. This is an outdated authentication protocol, which I’d like to eventually disable. Is there a way to have it use NTLMv2? Here is the log.

An account was successfully logged on.

Subject:
Security ID: SYSTEM
Account Name: DOMAINCONTROLLER
Account Domain: DOMAINNAME
Logon ID: 0x3E7

Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: Yes

Impersonation Level: Impersonation

New Logon:
Security ID: DOMAINNAME\ADMIN
Account Name: ADMIN
Account Domain: DOMAINNAME
Logon ID: 0x17D478ED
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x3a0
Process Name: C:\Windows\System32\lsass.exe

Network Information:
Workstation Name: DomainController
Source Network Address: 10.0.0.234
Source Port: 57069

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0