DNS names in NTLMSSP
Qiao Yang
qyang at stbernard.com
Fri Aug 13 03:41:59 GMT 2004
In NTLMSSP Type 2 message, the server is supposed to fill in target DNS full name and DNS domain name in the Target Information Data blob.
My question is, Does this information is actually used by the NTLMSSP client? Could we just fill in blanks? We see some customers has broken DNS server, which timeouts NTLMSSP authentication while server is doing DNS lookup for itself to get canonical dns names.
Adding an entry to local /etc/hosts may solve the problem on the server side. But will the client verify the target DNS name at all?
--Qiao Yang
SBS
More information about the samba-technical
mailing list