[Samba] Suppressing the GSS-API SPNEGO negTokenInit message on Negotiate Protocol Response
Shay Barak
shiber at gmail.com
Sun Sep 19 16:51:45 MDT 2010
Dear SAMBA experts,

I'm looking to emulate the behavior of some older Windows servers, mainly
old Win2k/XP machines.

On newer clients (possibly XP-SP2 and above), the SMB server will send a
GSS-API message at the end of the Negotiate Protocol Response packet
detailing the supported Security Service Providers by OIDs in a negTokenInit
structure. However, older servers did not send this message and usually
received a "raw" (i.e. not wrapped in a GSS-API message) NTLMSSP type 1
Negotiate message (or occasionally a Kerberos BLOB) in the following Session
Setup AndX Request. This is the kind of behavior that I'm looking to
emulate.

I tried setting "use spnego = no" in the smb.conf file but it removed
Extended Security from the FLAGS2 field and as a result I received an
entirely different response from the client (not the raw NTLMSSP BLOB that I
was looking for).

Is it possible to get the behavior that I want from SAMBA?
Thanks.
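
An added example, not part of the original post and not Samba code: a small classifier that tells the two framings described above apart when inspecting a security blob taken from a capture, i.e. a raw NTLMSSP message versus a GSS-API token carrying SPNEGO (it also recognises a GSS-API Kerberos 5 token and a bare negTokenResp). The names `classify_blob`, `SAMPLE_RAW` and `SAMPLE_SPNEGO` are hypothetical, and both sample byte strings are constructed for illustration.

```python
import struct

SPNEGO_OID = bytes.fromhex("2b0601050502")       # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")   # 1.2.840.113554.1.2.2
NTLMSSP_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# Constructed samples: a minimal raw type 1 message, and a negTokenInit offering NTLMSSP.
SAMPLE_RAW = NTLMSSP_SIG + struct.pack("<II", 1, 0x00088207)
SAMPLE_SPNEGO = bytes.fromhex("601c06062b0601050502a0123010a00e300c060a2b06010401823702020a")

def _der_len(buf, pos):
    """Decode a DER length starting at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_blob(blob):
    """Label an SMB security blob by its outermost framing."""
    if blob.startswith(NTLMSSP_SIG):             # no GSS-API wrapper at all
        if len(blob) < 12:
            return "raw NTLMSSP (truncated)"
        (mtype,) = struct.unpack_from("<I", blob, 8)
        return "raw NTLMSSP " + NTLM_TYPES.get(mtype, "unknown type %d" % mtype)
    try:
        if blob[:1] == b"\x60":                  # [APPLICATION 0]: GSS-API initial token
            length, pos = _der_len(blob, 1)
            if pos + length > len(blob) or blob[pos] != 0x06:
                return "malformed GSS-API token"
            oid_len, pos = _der_len(blob, pos + 1)
            oid = blob[pos:pos + oid_len]        # mechanism OID names what is wrapped
            if oid == SPNEGO_OID:
                inner = blob[pos + oid_len:pos + oid_len + 1]
                return "GSS-API SPNEGO " + ("negTokenInit" if inner == b"\xa0" else "token")
            if oid == KRB5_OID:
                return "GSS-API Kerberos 5 token"
            return "GSS-API token, other mechanism"
        if blob[:1] == b"\xa1":                  # context tag [1]: bare negTokenResp
            return "SPNEGO negTokenResp"
    except (IndexError, ValueError):
        return "malformed GSS-API token"
    return "unknown"

if __name__ == "__main__":
    for name, blob in (("SAMPLE_RAW", SAMPLE_RAW), ("SAMPLE_SPNEGO", SAMPLE_SPNEGO)):
        print(name, "->", classify_blob(blob))
```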