SPNEGO - mechListMIC

  • Question

  •  Hi All,

    After posting this in other places, I thought I might get a better response here.

    I'm grasping at straws here trying to find someone (most likely at MSFT) that knows if I can get this functionality back, but here it goes. Pre-Server 2008 file servers had a section in the Security Blob for SMB protocol negotiation that included an optional token (mechListMIC). One of the fields within this token was called "principal". Within that field was a value that equated to servername$@domain.com. This was defined by Microsoft as a "hint" for cross-forest scenarios.

    Moving forward to Server 2008, I see that this value goes undefined - in other words, when a client sends an SMB Negotiate Protocol Request to a Server 2008 file server, the server now neglects to populate this field in the SMB Negotiate Protocol Response. I found proof from Microsoft that this was removed in the following link (last paragraph):

    http://msdn.microsoft.com/en-us/library/cc213132.aspx

    My question is, is there any way I can get that back even though it's not used by Windows? I found a 3rd party app (that will remain nameless) that uses this field to construct a TGS-REQ for Kerberos authentication. The product integrates OS X with Kerberos and DFS. Any insight would be much appreciated. I know this is an obscure question and I'm not exactly sure this is even the right forum to use - I just don't know where else to post questions about SMB protocol negotiation. Thanks!
    -joe c
    Friday, August 22, 2008 5:43 PM
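
An added example, not part of the original post and not Microsoft's or the third-party product's code: a minimal Python walk of the SPNEGO security blob from a Negotiate Protocol Response that reports whether a principal hint was sent. It assumes the NegTokenInit2 layout from [MS-SPNG], where the hint is carried as negHints [3] / hintName [0] (assumed here to be the field the question calls "principal"); the sample blob and helper names are constructed for illustration.

```python
SPNEGO_OID = bytes.fromhex("2b0601050502")            # 1.3.6.1.5.5.2
NTLMSSP_OID = bytes.fromhex("2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10

def read_tlv(buf, pos=0):
    """Decode one DER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits count the length bytes
        nbytes = length & 0x7F
        if not 1 <= nbytes <= 4 or pos + nbytes > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Decode every TLV in buf into {tag: value}."""
    out, pos = {}, 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        out[tag] = value
    return out

def unwrap(fields, tag):
    """Members of the SEQUENCE inside context tag `tag`; {} if the tag is absent."""
    return children(children(fields.get(tag, b"")).get(0x30, b""))

def hint_name(blob):
    """Return negHints.hintName, or None if not sent (layout assumed from [MS-SPNG])."""
    tag, body, _ = read_tlv(blob)
    top = children(body)
    if tag != 0x60 or top.get(0x06) != SPNEGO_OID:
        raise ValueError("not a SPNEGO initial token")
    init = unwrap(top, 0xA0)                # NegTokenInit2 fields
    hints = unwrap(init, 0xA3)              # negHints [3]
    name = children(hints.get(0xA0, b"")).get(0x1B)   # hintName [0] GeneralString
    return name.decode("ascii") if name is not None else None

def tlv(tag, value):  # encoder for the sample only; short-form lengths (< 128 bytes)
    return bytes([tag, len(value)]) + value

def sample_blob(hint=None):
    """Constructed blob offering NTLMSSP, with or without a principal hint."""
    hints = tlv(0xA3, tlv(0x30, tlv(0xA0, tlv(0x1B, hint.encode("ascii"))))) if hint else b""
    fields = tlv(0xA0, tlv(0x30, tlv(0x06, NTLMSSP_OID))) + hints
    return tlv(0x60, tlv(0x06, SPNEGO_OID) + tlv(0xA0, tlv(0x30, fields)))
```

Running `hint_name` over the security blob from a packet capture shows at a glance whether a given server still supplies a principal hint or omits it.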

Answers

  •  

    Hi, Joe,

    After carefully reviewing your question with the product team, we concluded that we cannot change the related implementation in Windows 2008. The history of this feature change is well explained in the Windows Behavior section of [MS-SPNG](http://msdn.microsoft.com/en-us/library/cc213073.aspx). If you can tell us how you are using this message, we can then see if there is any alternative for you.

    Thanks!



    Hongwei Sun -MSFT
    • Marked as answer by KeithHa Wednesday, September 17, 2008 5:35 PM
    Friday, September 12, 2008 2:43 PM

All replies

  •  

    Hi, thanks for your post.
    We will review your question and update the forum once our investigation is complete. Thanks!

    Thanks!
    John Dunning
    Escalation Engineer Microsoft Corporation
    US-CSS DSC PROTOCOL TEAM

    Saturday, August 23, 2008 2:40 PM