extended security & Negprot response

Steven French sfrench at us.ibm.com
Wed Aug 7 13:23:01 GMT 2002

There had been some discussion about the first 16 byte field in the data
area of the negprot response (before the security blob) when extended
security is enabled. Ethereal and the SNIA CIFS spec correctly indicate
that it is the Server's GUID but head's negprot_spnego (in smbd/negprot.c)
puts an ascii name in there. Maybe it's harmless but I was intrigued that
the GUID in the field is stored in the registry - it matches exactly with
the value of services\lanmanserver\parameters\GUID in its local registry -
which makes sense since it has to be available for non-AD connected
machines including standalone workstations.

The Leach talk on the subject at the CIFS conference a few years back
mentions (cryptically & ambiguously) in the section "Other Validation
Checks" that "Server: [should] check [that the] Server's ID is its ID"

Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at us.ibm.com
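
The layout discussed in the message above, as an added example that is not part of the original post and is not Samba's code: it splits the data area of an extended-security negprot response into the 16-byte GUID field and the security blob, formats the GUID, and flags a field that holds an ASCII name instead. The function names, the sample bytes, and the name heuristic (printable ASCII followed by NUL padding) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define GUID_LEN 16

/* Split the negprot data area (ByteCount bytes): GUID field, then blob.
 * Returns 0 on success, -1 if the area cannot hold the GUID field. */
int split_negprot_data(const uint8_t *data, size_t n, const uint8_t **guid,
                       const uint8_t **blob, size_t *blob_len)
{
    if (data == NULL || n < GUID_LEN)
        return -1;
    *guid = data;
    *blob = data + GUID_LEN;
    *blob_len = n - GUID_LEN;
    return 0;
}

/* Heuristic (assumption): 1 if the field is printable ASCII, NUL padded. */
int guid_field_looks_like_name(const uint8_t *g)
{
    size_t i = 0, n;
    while (i < GUID_LEN && g[i] >= 0x20 && g[i] <= 0x7e) i++;
    n = i;
    for (; i < GUID_LEN; i++)
        if (g[i] != 0) return 0;
    return n > 0;
}

/* Textual GUID form; the first three fields are little-endian on the wire. */
void format_guid(const uint8_t *g, char out[37])
{
    snprintf(out, 37,
        "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
        g[3], g[2], g[1], g[0], g[5], g[4], g[7], g[6],
        g[8], g[9], g[10], g[11], g[12], g[13], g[14], g[15]);
}

/* Constructed samples: GUID field + 2 placeholder blob bytes (0x60 0x00). */
static const uint8_t sample_guid[18] = {0x33,0x22,0x11,0x00,0x55,0x44,0x77,0x66,
    0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x60,0x00};
static const uint8_t sample_name[18] = {'S','M','B','S','R','V',0,0,0,0,0,0,0,0,0,0,0x60,0x00};

int main(void)
{
    const uint8_t *g, *b; size_t bl; char s[37];
    if (split_negprot_data(sample_name, sizeof sample_name, &g, &b, &bl) != 0) return 1;
    format_guid(g, s);
    printf("%s name-like=%d blob=%zu bytes\n", s, guid_field_looks_like_name(g), bl);
    return 0;
}
```

A field flagged as name-like will not match the GUID value the message describes in the registry, so a client that compares the two should treat it as a mismatch rather than parse it as a GUID.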
