DNS names in NTLMSSP

Qiao Yang qyang at stbernard.com
Fri Aug 13 03:41:59 GMT 2004

In NTLMSSP Type 2 message, the server is supposed to fill in  target DNS full name and DNS domain name in the Target Information Data blob.

My question is, Does this information is actually used by the NTLMSSP client? Could we just fill in blanks? We see some customers has broken DNS server, which timeouts NTLMSSP authentication while server is doing DNS lookup for itself to get canonical dns names.

Adding an entry to local /etc/hosts may solve the problem on the server side. But will the client verify the target DNS name at all?

--Qiao Yang

More information about the samba-technical mailing list