samba-technical.10.overbored at samba-technical.10.overbored at
Fri Aug 19 08:49:02 GMT 2005

On Fri, 2005-08-19 at 01:44 -0700,
samba-technical.10.overbored at wrote:
> Thus spake Michael B Allen - mba2000 at on 8/18/2005 11:33 PM:
> > On Thu, 18 Aug 2005 15:44:21 -0700
> > samba-technical.10.overbored at wrote:
> > 
> > 
> >>This is the corresponding SMB session setup requests/responses. Are 
> >>these entire security blobs just the direct outputs of the SSPI calls to 
> >>InitializeSecurityContext()/AcceptSecurityContext()?
> > 
> > 
> > Pretty much. I think GSSAPI handles everything from NegToken* down
> > but you might want to create a little Windows proggie that negotiates
> > a security context with itself and then hexdump the buffers to verify
> > what layers are handled exactly.
> > 
> > Mike
> I did as you suggested. I got the NTLMSSP buffers outputted by 
> InitializeSecurityContext/AcceptSecurityContext from this program 
> (change "Kerberos" to "NTLM"):
> I compared these to my Ethereal dumps. It turns out that the portion of 
> the Security Blob that is under the section of the Ethereal's dissection 
> called "NTLMSSP" (see my screenshots). Everything in the Security Blob 
> outside that is a mystery!
> So, can anybody pinpoint what all that other stuff is, and how to 
> generate it? (Using Windows APIs, perhaps?) Also, the entire Security 
> Blob in the protocol negotiation response (the SPNEGO stuff) is just as 
> mysterious.

Try 'Negotiate' or 'GSS-SPNEGO' as the mech.  

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list