Hi all, I believe there is an error in [MS-SMB2] — v20090521 in the description of 2.2.4 SMB2 NEGOTIATE Response.
At the end of this section on page 35 it says: "Buffer (variable): The variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer MUST contain a token as produced by the GSS protocol as specified in section 3.3.5.3." The "MUST" statement is incorrect. The Windows client behavior is that if a null buffer is returned in this field, then the client will downgrade to using raw-NTLMSSP blobs for sessionsetup instead of SPNEGO wrapped blobs. I can provide proof of this as a packet trace on request. I think this is important to fix for the SMB2 client implementations, which otherwise are forced to implement SPNEGO ASN.1 parsing. Jeremy Allison, Samba Team/Pfif member. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
