VUID/smb_uid during Extended Security

Mayers, Philip J p.mayers at
Sun Dec 3 15:29:14 GMT 2000

Heh, you're a mine of useful information - thanks! So, the way to
distinguish between the old and new versions of the struct is by checking
for the presence of the trailing 8 bytes. Hmm, nice and robust...


| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |

-----Original Message-----
From: Todd Sabin [mailto:tas at]
Sent: 02 December 2000 20:33
To: Mayers, Philip J
Cc: 'samba-technical at'
Subject: Re: VUID/smb_uid during Extended Security

"Mayers, Philip J" <p.mayers at> writes:
> Secondly, does anyone have the faintest clue what the unknown_1 and
> unknown_2 fields are in the RPC_AUTH_NTLMSSP_CHAL structure? Win2K seems
> be setting them to 0x0 and 0x30 respectively, whereas Samba sets them to
> and 0x28, which seems to be confusing the Win2K clients.

They are a STRHDR for TargetName, like the stuff in the resp blob.
The reason for the 0x28/0x30 discrepancy is that there are two new
32bit words at the end of the struct in w2k.  There seem to have
something to do with a server context handle.

See ntlmsp.h from the VC++ 6.x includes, if you've got them.  MS has
documented some of this there.  Well, "documented" may be a bit
strong, but they've got some flag defines and struct definitions.


More information about the samba-technical mailing list