Natalie Li wrote:
Security Blob: 605506062B0601050502A04B3049A00E300C060A2B060104...
    GSS-API Generic Security Service Application Program Interface
        OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
        SPNEGO
            negTokenInit
                mechTypes: 1 item
                    Item: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                mechToken: 4E544C4D535350000100000097B208E2060006002F000000...
                NTLMSSP
                    NTLMSSP identifier: NTLMSSP
                    NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
                    Flags: 0xe208b297
                    Calling workstation domain: NLW2K8
                    Calling workstation name: PHANTOM

In CIFS, Windows clients typically send raw NTLMSSP messages in a non-AD environment, while domain clients send NTLMSSP w/ SPNEGO. I don't really know whether my observation applies here when NTLM is used as a SASL mech.

Natalie

Sorry, it was late at night and I didn't say it right as my brain was half-asleep. Typically, if authenticating against a standalone Windows server, raw NTLMSSP has been observed to be used by Windows clients. If authenticating against a Windows domain member server (say in domain A), assuming your client is either in a different domain which is not trusted by domain A or in workgroup mode, NTLMSSP w/ SPNEGO is used.
Again, I'm describing how NTLM auth is used in a file sharing context.

Regards,

Natalie

Max (Weijun) Wang wrote:
How are these 2 forms used (by MS and others)? I've never seen an NTLM token embedded inside the SPNEGO initial context token.

Thanks
Max
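
The two forms discussed in this thread can be told apart from the first bytes of the security blob. The following is an added example, not code from either poster: a small classifier that accepts either a raw NTLMSSP message or one carried as the mechToken of a SPNEGO negTokenInit. The function names (read_tlv, parse_ntlmssp, classify_blob, der) are hypothetical and both sample blobs are constructed, not taken from the capture above.

```python
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("2b0601050502")           # 1.3.6.1.5.5.2
NTLMSSP_OID = bytes.fromhex("2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    (tag, length), pos = buf[pos:pos + 2], pos + 2   # ValueError if header is cut short
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_ntlmssp(msg):
    """Read the message type and, for NEGOTIATE (type 1), the flags."""
    if len(msg) < 16 or not msg.startswith(NTLMSSP_SIG):
        raise ValueError("not an NTLMSSP message")
    msg_type, word = struct.unpack_from("<II", msg, 8)
    return {"message_type": msg_type, "flags": word if msg_type == 1 else None}

def classify_blob(blob):
    """Tell raw NTLMSSP from NTLMSSP carried in a SPNEGO negTokenInit."""
    if blob.startswith(NTLMSSP_SIG):
        return {"wrapping": "raw", **parse_ntlmssp(blob)}
    tag, body, _ = read_tlv(blob)            # 0x60: GSS-API initial context token
    oid_tag, oid, pos = read_tlv(body)
    if (tag, oid_tag, oid) != (0x60, 0x06, SPNEGO_OID):
        raise ValueError("neither raw NTLMSSP nor a SPNEGO initial token")
    tag, init, _ = read_tlv(body, pos)       # 0xA0: negTokenInit
    if tag != 0xA0:
        raise ValueError("SPNEGO token is not a negTokenInit")
    fields, pos, seq = {}, 0, read_tlv(init)[1]
    while pos < len(seq):                    # [0] mechTypes ... [2] mechToken
        tag, val, pos = read_tlv(seq, pos)
        fields[tag] = val
    if NTLMSSP_OID not in fields.get(0xA0, b"") or 0xA2 not in fields:
        raise ValueError("no NTLMSSP mechToken offered")
    return {"wrapping": "spnego", **parse_ntlmssp(read_tlv(fields[0xA2])[1])}

def der(tag, value):  # short-form DER encoder, used only to build the samples
    return bytes([tag, len(value)]) + value

# Constructed samples: a minimal NEGOTIATE message with made-up flags, then the same wrapped.
RAW = NTLMSSP_SIG + struct.pack("<II", 1, 0x00088207) + bytes(16)
WRAPPED = der(0x60, der(0x06, SPNEGO_OID) + der(0xA0, der(0x30,
    der(0xA0, der(0x30, der(0x06, NTLMSSP_OID))) + der(0xA2, der(0x04, RAW)))))
```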

