NTLMSSP negotiate format in sessetup response

Jim McDonough jmcd at us.ibm.com
Wed Aug 14 07:17:00 GMT 2002


I think we've got the NTLMSSP negotiate response incorrect.  Here's what I
see in windows:
0000 "NTLMSSP"
0008 2 (challenge)
000c two int16s, containing domain length (number of bytes in unicode)
0010 0x00000030
0014 negotiate flags
0018 8-byte crypt key
0020 8-bytes of 0
0028 two int16s containing remaining length, followed by a dword containing ?
0030 Unicode domain name (not terminated, no length preceding it, since it was above)
followed by:
int16 0x0002 int16 bytelen, Unicode domain name
int16 0x0001 int16 bytelen, Unicode server name
int16 0x0004 int16 bytelen, unicode dns domain name
int16 0x0003 int16 bytelen, unicode full dns server name (including domain)
int32 0

Then the packet is included again...

----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

jmcd at us.ibm.com
jmcd at samba.org

Phone: (207) 885-5565
IBM tie-line: 776-9984
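A builder and parser for the type-2 (challenge) layout described in the post, as an added example that is not part of the original message or of Samba's code. It assumes the dword the post marks "?" at 0x2c is the byte offset of the name-list block (the target-info list) and that a zero int16 pair terminates that list; the sample values built are constructed for the test, not captured from a real server.

```python
import struct

# Item ids the post lists for the name list (0 terminates it).
AV_NAMES = {1: "server", 2: "domain", 3: "dns_server", 4: "dns_domain"}


def build_challenge(domain, server, dns_domain, dns_server, flags, challenge):
    """Construct a sample type-2 message in the layout the post describes."""
    target_name = domain.encode("utf-16-le")
    pairs = [(2, domain), (1, server), (4, dns_domain), (3, dns_server)]
    target_info = b"".join(
        struct.pack("<HH", av_id, len(v.encode("utf-16-le"))) + v.encode("utf-16-le")
        for av_id, v in pairs
    ) + struct.pack("<I", 0)                      # int32 0 terminator
    ti_off = 0x30 + len(target_name)              # list follows the domain name
    hdr = b"NTLMSSP\0" + struct.pack("<I", 2)     # 0x00 signature, 0x08 type 2
    hdr += struct.pack("<HHI", len(target_name), len(target_name), 0x30)  # 0x0c
    hdr += struct.pack("<I", flags) + challenge + bytes(8)  # 0x14, 0x18, 0x20
    hdr += struct.pack("<HHI", len(target_info), len(target_info), ti_off)  # 0x28
    return hdr + target_name + target_info


def parse_challenge(buf):
    """Parse the fixed header, domain name and name list; reject malformed input."""
    if len(buf) < 0x30 or buf[:8] != b"NTLMSSP\0":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", buf, 0x08)
    if msg_type != 2:
        raise ValueError("not a type-2 (challenge) message")
    tn_len, _, tn_off = struct.unpack_from("<HHI", buf, 0x0c)
    (flags,) = struct.unpack_from("<I", buf, 0x14)
    challenge = buf[0x18:0x20]
    ti_len, _, ti_off = struct.unpack_from("<HHI", buf, 0x28)  # 0x2c assumed = offset
    if tn_off + tn_len > len(buf) or ti_off + ti_len > len(buf):
        raise ValueError("offset/length points outside the message")
    out = {"flags": flags, "challenge": challenge,
           "target_name": buf[tn_off:tn_off + tn_len].decode("utf-16-le")}
    pos, end = ti_off, ti_off + ti_len
    while pos + 4 <= end:                         # each item: int16 id, int16 bytelen
        av_id, av_len = struct.unpack_from("<HH", buf, pos)
        pos += 4
        if av_id == 0:
            break
        if pos + av_len > end:
            raise ValueError("name item runs past the list block")
        out[AV_NAMES.get(av_id, "av_%d" % av_id)] = buf[pos:pos + av_len].decode("utf-16-le")
        pos += av_len
    return out
```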