Authentication through transitive trusts

Richard Sharpe rsharpe at
Thu Jul 17 22:13:57 GMT 2003

On Thu, 17 Jul 2003, Ken Cross wrote:

> Here you go.  Similar setup:
> - "WIN1" - Windows 2000 (SP4) AD Server, domain WIN1DOM
> - "KJCWINXP" - Windows XP Pro Client, a member of WIN1DOM
> It shows KJCWINXP connecting to the "Program Files" share on WIN1.  It looks
> like it negotiated "MS KRB5" protocol.

OK, apart from the long-file name bit that I mentioned before, here is/are 
some further difference(s) between Samba and Win2K ...

1. Win2K offers an additional OID in the NegProt Response:
	1.2.840.113554.2.2.3, which looks strange as it is a 
	sub-oid of KRB5. Ethereal does not know of it ATM.

2. In the session setup&X, the MechType offers MS KRB5, KRB5, and 
   NTLMSSP, in that order.

Richard Sharpe, rsharpe[at], rsharpe[at], 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kjc1.cap
Type: application/octet-stream
Size: 59787 bytes
Url :

More information about the samba-technical mailing list