Hi, The cifs client that I am working on is having some problem with SPNEGO/NTLMSSP. Session Setup AndX is failing in the last exchange of NTLMSSP. The error I am getting is 0xC00000D(STATUS_INVALID_PARAMETER). I am also seeing the following message in the log "spnego_parse_auth(466) spnego_auth_parse failed at 7. " I am using Heimdal library to generate SPNEGO/NTLMSSP messages. I very much appreciate if someone could provide me the reasons for this error. The samba server I am using is Samba 3.0.28-0.el5.8. Thanks and Regards Sudheer
Hi, There is a problem with the negResult field of NegoTokenArg structure. As per SPNEGO RFC rfc247, NegTokenTarg can have an optional parameter with the name negResult. Samba does not look to support this optional parameter. The function spnego_parse_auth() is failing if a client sends negResult parameter in its SPNEGO response. (My client sends a "accept-incomplete" in the negResult field). A windows-based CIFS server does not have any issue with the response token containing the negResult field. Is there a fix available in Samba for this problem Or am I the first person who is experiencing this issue? The workaround I have is to avoid sending negResult to Samba. Thanks and Regards Sudheer ________________________________ From: Sudheer Kurichiyath Sent: Friday, August 29, 2008 1:54 PM To: 'samba@lists.samba.org' Subject: SPNEGO NTLMSSP failure Hi, The cifs client that I am working on is having some problem with SPNEGO/NTLMSSP. Session Setup AndX is failing in the last exchange of NTLMSSP. The error I am getting is 0xC00000D(STATUS_INVALID_PARAMETER). I am also seeing the following message in the log "spnego_parse_auth(466) spnego_auth_parse failed at 7. " I am using Heimdal library to generate SPNEGO/NTLMSSP messages. I very much appreciate if someone could provide me the reasons for this error. The samba server I am using is Samba 3.0.28-0.el5.8. Thanks and Regards Sudheer
On Tue, Sep 02, 2008 at 03:31:44AM -0700, Sudheer Kurichiyath wrote:> Hi, > > There is a problem with the negResult field of NegoTokenArg structure. As per SPNEGO RFC rfc247, NegTokenTarg can have an optional parameter with the name negResult. > > Samba does not look to support this optional parameter. The function spnego_parse_auth() is failing if a client sends negResult parameter in its SPNEGO response. (My client sends a "accept-incomplete" in the negResult field). A windows-based CIFS server does not have any issue with the response token containing the negResult field. > > Is there a fix available in Samba for this problem Or am I the first person who is experiencing this issue? The workaround I have is to avoid sending negResult to Samba.What version of Samba are you testing against please ? Jeremy.