On Tue, 3 Sep 2002, Jim McDonough wrote: > > >OK, I think that the code in cliconnect that tries to do ntlmssp is wrong > >when it comes to the AUTH response. There is no session key sent. That is, > >the session key is empty in the auth, and there should not be one in the > >negotiate. > > > >If you look in sesssetup.c you will notice that the session key is > >discarded after the token blob is parsed as well. > > > >So, get rid of the key in the negotiate, and send a NULL key in the AUTH, > >and you should be right! > Nope, not right. At least, that's not what windows machines do. Also, > check out the doc: > http://www.opengroup.org/onlinepubs/009899899/toc.htm > > and look in Chapter 11 for at least some of the NTLMSSP info. The > Sessionkey is sent in the auth command.
Well, I read that stuff, and I have a trace, and there is no session key in the trace, and chapter 11 implies that the session key is computed alike by each side. Regards ----- Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
