Funny security blob in sesssetup&X.

Steven French sfrench at
Wed Aug 28 06:18:01 GMT 2002

It looks like a negTokenTarg to me.  Note that the NTLMSSP format is mostly
described in chapter 11 of the ActiveX reference book, now online on the
OpenGroup site at (the rest of the
book covers ActiveX and MS DCE/RPC and is at  I wish I had seen
that document years ago it would have saved us some time.  I had been
putting off getting a copy for a long time.

For the SPNEGO formatting it seems that the negTokenInit and negTokenTarg
are distinguished by context (the negTokenInit coming first) but the [0]
and [2] in the dumpasn output probably refer to the field numberings in the
RFC, specifically "supportedMech" and "responseToken" respectively even
though based on RFC2478 you would expect the targ to include [0] as
negResult not just the optional fields [1] as supportedMech and [2] as

From: Richard Sharpe <rsharpe at>
To: <samba-technical at>

>Here is the content of the security blob in a sessionsetup&X from a Win2K
>It looks wrong because it seems to be a negTokenInit, not the
>negTokenTarg I would expect.
>Can anyone comment?

Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at

More information about the samba-technical mailing list