[cifs-protocol] Re: Status: raw NTLMSSP tokens in GSS-API/SPNEGO?
SRX080803600053
Adam Simpkins
simpkins at cisco.com
Mon Aug 4 20:48:37 GMT 2008
On Mon, Aug 04, 2008 at 04:17:29AM -0700, Bill Wesse wrote:
> Good morning once again. You noted in your question that you can
> provide a network trace of the NTLM behavior you reported. I would
> deeply appreciate it if you would send one to me. Could you also
> note the OS versions of the client and server (just in case, even
> though the NtlmsspAuthenticaeMessage may contain a Version
> structure.
Please find a trace attached. This was taken between a client running
Windows XP SP3 and a server running Windows Server 2003 SP2
(Enterprise Edition).
Frame 6 contains the initial SESSION_SETUP_ANDX request. This
contains a GSS-API InitialContextToken that uses SPNEGO. The
mechToken inside the SPNEGO NegTokenInit contains just raw NTLMSSP
data. According to RFC 4178 section 3.2 item (c), this should be a
GSS InitialContextToken.
I have also included a trace of the same client and server, but using
Kerberos over SPNEGO. In this trace, the mechToken is a GSS
InitialContextToken.
--
Adam Simpkins
simpkins at cisco.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spnego_ntlmssp.pcap
Type: application/cap
Size: 2307 bytes
Desc: not available
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080804/83573f8f/spnego_ntlmssp.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spnego_krb.pcap
Type: application/cap
Size: 4273 bytes
Desc: not available
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080804/83573f8f/spnego_krb.bin
More information about the cifs-protocol
mailing list