On Mon, Aug 04, 2008 at 04:17:29AM -0700, Bill Wesse wrote: > Good morning once again. You noted in your question that you can > provide a network trace of the NTLM behavior you reported. I would > deeply appreciate it if you would send one to me. Could you also > note the OS versions of the client and server (just in case, even > though the NtlmsspAuthenticaeMessage may contain a Version > structure.
Please find a trace attached. This was taken between a client running Windows XP SP3 and a server running Windows Server 2003 SP2 (Enterprise Edition). Frame 6 contains the initial SESSION_SETUP_ANDX request. This contains a GSS-API InitialContextToken that uses SPNEGO. The mechToken inside the SPNEGO NegTokenInit contains just raw NTLMSSP data. According to RFC 4178 section 3.2 item (c), this should be a GSS InitialContextToken. I have also included a trace of the same client and server, but using Kerberos over SPNEGO. In this trace, the mechToken is a GSS InitialContextToken. -- Adam Simpkins [EMAIL PROTECTED]
spnego_ntlmssp.pcap
Description: application/cap
spnego_krb.pcap
Description: application/cap
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
