NTLMSSP in Extended security negotiation...

Todd Sabin tas at webspan.net
Sun Nov 5 16:12:50 GMT 2000

"Mayers, Philip J" <p.mayers at ic.ac.uk> writes:
> Ok, so I'm guessing there's a SHORT at 010 telling you the length of the
> calling domain, this seems to be repeated at 012, and then a short (possibly
> a long) telling you the offset into the data blob. Then the same thing for
> the calling workstation. These look like UNICODE-type
> length/maxlength/offset data.
> That would also mean that (logically) the NTLMSSP is actually NTLMSSP<NUL>,
> then 8 bytes of flags info (it's not the cryptkey, it's the same every time)
> then the strings. Do we think that's correct?
> Can anyone point me as to what the FLAGS are likely to be?

Look for the definition of struct rpc_auth_ntlmssp_neg_info
in include/rpc_dce.h in the samba source for the format
of the packet.  There are also NEGOTIATE_* defines in there
that describe a lot of the flags.


More information about the samba-technical mailing list