[cifs-protocol] RE: Status: raw NTLMSSP tokens in GSS-API/SPNEGO?
billwe at microsoft.com
Tue Aug 5 10:53:41 GMT 2008
Thank you sir! I will begin my investigation this morning!
MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
We're Hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted
From: Adam Simpkins [mailto:simpkins at cisco.com]
Sent: Monday, August 04, 2008 4:49 PM
To: Bill Wesse
Cc: 'cifs-protocol at samba.org'
Subject: Re: Status: raw NTLMSSP tokens in GSS-API/SPNEGO? SRX080803600053
On Mon, Aug 04, 2008 at 04:17:29AM -0700, Bill Wesse wrote:
> Good morning once again. You noted in your question that you can
> provide a network trace of the NTLM behavior you reported. I would
> deeply appreciate it if you would send one to me. Could you also note
> the OS versions of the client and server (just in case, even though
> the NtlmsspAuthenticaeMessage may contain a Version structure.
Please find a trace attached. This was taken between a client running Windows XP SP3 and a server running Windows Server 2003 SP2 (Enterprise Edition).
Frame 6 contains the initial SESSION_SETUP_ANDX request. This contains a GSS-API InitialContextToken that uses SPNEGO. The mechToken inside the SPNEGO NegTokenInit contains just raw NTLMSSP data. According to RFC 4178 section 3.2 item (c), this should be a GSS InitialContextToken.
I have also included a trace of the same client and server, but using Kerberos over SPNEGO. In this trace, the mechToken is a GSS InitialContextToken.
simpkins at cisco.com
More information about the cifs-protocol