A little too quick last time...the lengths and tags? on the strings are only one byte:
I think we've got the NTLMSSP negotiate response incorrect. Here's what I see in Windows:

0000 "NTLMSSP"
0008 2 (challenge)
000c two int16s, containing domain length (number of bytes in unicode)
0010 0x00000030
0014 negotiate flags
0018 8-byte crypt key
0020 8-bytes of 0
0028 two int16s containing remaining length, followed by a dword containing ?
0030 Unicode domain name (not terminated, no length preceding it, since it was above)

followed by:

int8 0x02 int8 bytelen, Unicode domain name
int8 0x01 int8 bytelen, Unicode server name
int8 0x04 int8 bytelen, unicode dns domain name
int8 0x03 int8 bytelen, unicode full dns server name (including domain)
int32 0

Then the packet is included again...

----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074 USA
[EMAIL PROTECTED] [EMAIL PROTECTED]
Phone: (207) 885-5565
IBM tie-line: 776-9984
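
A bounds-checked parser for the challenge layout listed above, added here as an illustration and not code from the message or from Samba. The fixed-header offsets come from the listing; reading the trailing tagged strings with 16-bit little-endian tag and length fields is an assumption taken from the published MS-NLMP layout, and the names `parse_challenge`, `build_sample` and all sample values are constructed.

```python
import struct

# Tag values as listed in the message; tag 0 ends the list.
AV_NAMES = {1: "server", 2: "domain", 3: "dns_server", 4: "dns_domain"}

def parse_challenge(buf: bytes) -> dict:
    """Parse an NTLMSSP challenge using the offsets from the listing."""
    if len(buf) < 0x30 or buf[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", buf, 0x08)
    if msg_type != 2:
        raise ValueError("not a challenge message")
    dom_len, _dom_max, dom_off, flags = struct.unpack_from("<HHII", buf, 0x0C)
    info_len, _info_max, info_off = struct.unpack_from("<HHI", buf, 0x28)
    # Offsets and lengths come from the peer: check them before slicing.
    for off, length in ((dom_off, dom_len), (info_off, info_len)):
        if off + length > len(buf):
            raise ValueError("field extends past end of message")
    out = {"flags": flags, "challenge": buf[0x18:0x20], "info": {},
           "target": buf[dom_off:dom_off + dom_len].decode("utf-16-le")}
    pos, end = info_off, info_off + info_len
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", buf, pos)  # assumed 16-bit fields
        pos += 4
        if av_id == 0:  # terminator: four zero bytes in total
            break
        if pos + av_len > end:
            raise ValueError("tagged string overruns its block")
        value = buf[pos:pos + av_len].decode("utf-16-le")
        out["info"][AV_NAMES.get(av_id, av_id)] = value
        pos += av_len
    return out

def build_sample() -> bytes:
    """Constructed sample message; names, flags and challenge are made up."""
    u = lambda s: s.encode("utf-16-le")
    dom = u("EXAMPLE")
    pairs = [(2, "EXAMPLE"), (1, "SRV1"), (4, "example.test"),
             (3, "srv1.example.test")]
    info = b"".join(struct.pack("<HH", i, len(u(s))) + u(s) for i, s in pairs)
    info += struct.pack("<I", 0)
    hdr = b"NTLMSSP\x00" + struct.pack("<IHHII", 2, len(dom), len(dom), 0x30, 0x8201)
    hdr += bytes(range(1, 9)) + bytes(8)  # 8-byte challenge, 8 bytes of 0
    hdr += struct.pack("<HHI", len(info), len(info), 0x30 + len(dom))
    return hdr + dom + info
```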
