In the course of our recent poking around ntlmssp we discovered (or rediscovered perhaps) that the tconX response from Windows 2k (or XP) to Windows 2k has a wct of 7 not 3 as Samba and everyone else understands. Turns out that this is controlled by whether the client sets the tcon flags in the request to 0x0008 (the only flag bit that is documented is 0x0001 which means "disconnect tid"). I confirmed this by forcing the Linux cifs vfs to set this tconX flag bit. The two extra DWORDs that are being returned by Windows on the tconX response relate to access control (similar looking to access flags) - a common default is 0x001f01ff (twice). Changing the permissions on the root of the share causes these bits to change in interesting ways but we haven't quite put the puzzle together. Any ideas as to exactly why two access control dwords? and how to prove that they represent the access_flags we think that they do? (the windows gui makes it tricky to set the bits granular enough to figure out how they map to these flag bits - it oversimplifies)
Steve French Senior Software Engineer Linux Technology Center - IBM Austin phone: 512-838-2294 email: [EMAIL PROTECTED]