[Samba] SPNEGO Response format
Sudheer Kurichiyath
skurichiyath at vmware.com
Tue Sep 2 10:31:44 GMT 2008
Hi,
There is a problem with the negResult field of NegoTokenArg structure. As per SPNEGO RFC rfc247, NegTokenTarg can have an optional parameter with the name negResult.
Samba does not look to support this optional parameter. The function spnego_parse_auth() is failing if a client sends negResult parameter in its SPNEGO response. (My client sends a "accept-incomplete" in the negResult field). A windows-based CIFS server does not have any issue with the response token containing the negResult field.
Is there a fix available in Samba for this problem Or am I the first person who is experiencing this issue? The workaround I have is to avoid sending negResult to Samba.
Thanks and Regards
Sudheer
________________________________
From: Sudheer Kurichiyath
Sent: Friday, August 29, 2008 1:54 PM
To: 'samba at lists.samba.org'
Subject: SPNEGO NTLMSSP failure
Hi,
The cifs client that I am working on is having some problem with SPNEGO/NTLMSSP. Session Setup AndX is failing in the last exchange of NTLMSSP. The error I am getting is 0xC00000D(STATUS_INVALID_PARAMETER). I am also seeing the following message in the log
"spnego_parse_auth(466) spnego_auth_parse failed at 7. "
I am using Heimdal library to generate SPNEGO/NTLMSSP messages.
I very much appreciate if someone could provide me the reasons for this error. The samba server I am using is Samba 3.0.28-0.el5.8.
Thanks and Regards
Sudheer
More information about the samba
mailing list