OSEC

 
From: Steven French (sfrench_at_US.IBM.COM)
Date: Wed Oct 02 2002 - 10:02:10 CDT


    The session setup step is most frequently a multi-step process. For the
    first two of the following common cases you will have at least two
    SMBSessionSetupX roundtrips:
    1) "raw NTLMSSP" (e.g. clients connecting to Windows 2000 Professional or
    XP) which was mostly documented by Microsoft in chapter 11 of the OpenGroup
    ActiveX Technical Reference (which is available online) as well as some
    talks that Microsoft has given at various conferences.
    2) SPNEGO/GSSAPI encapsulated NTLMSSP or Kerberos (depending on where the
    client logged on to) which you will see most frequently with Windows
    clients going to Windows 2000 servers. This is basically the same stuff
    you see in the GSSAPI and Kerberos RFCs encapsulated in SMB SessionSetupX
    and was summarized in a good talk by Craig Russ at the 2000 CIFS Conference
    (http://www.snia.org/data/resources/presentations/cifs_2000/Craig_Russ.ppt)
    3) NTLM session establishment which is documented in the SNIA CIFS
    Technical Reference
    4) Backlevel session establishment is documented by X/Open in the 1992 SMB
    Standard

    In both cases there are at least two SMBSessionSetupX roundtrips whose
    payload includes the security blob. The current beta versions of the
    popular Ethereal network analyzer do a pretty good job decoding this.

    Another minor correction - the "decommission uid" step occurs at SMBuLogoffX
    (after SMBtreeDisconnect or SMBtreeConnect with the disconnect tid flag).
    If the client fails to send SMBuLogoffX (as some early levels of
    Windows 2000 forgot to do), there is an implicit release of the uid when the
    TCP session is closed.

    Steve French
    Senior Software Engineer
    Linux Technology Center - IBM Austin
    phone: 512-838-2294
    email: sfrenchus.ibm.com

    ----------------------------------------------------------------
    Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    contains important info including how to unsubscribe. Save time, search
    the archives at http://discuss.microsoft.com/archives/index.html
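
Added example, not part of the original message or of any project's code: a Python classifier that tells whether a SessionSetupX security blob is raw NTLMSSP or SPNEGO-wrapped (the first two cases listed in the message) and which NTLMSSP step it carries. The function names are hypothetical and the sample blobs are constructed, not captured traffic.

```python
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
SPNEGO = bytes.fromhex("2b0601050502")                      # OID 1.3.6.1.5.5.2
MECHS = {bytes.fromhex("2b06010401823702020a"): "NTLMSSP",   # 1.3.6.1.4.1.311.2.2.10
         bytes.fromhex("2a864886f712010202"): "Kerberos"}    # 1.2.840.113554.1.2.2

def walk(buf):
    """Yield (tag, value) for each primitive DER element, depth first."""
    off = 0
    while off < len(buf):
        tag, ln, off = buf[off], buf[off + 1], off + 2
        if ln & 0x80:                      # long-form length: next n bytes
            n = ln & 0x7F
            ln, off = int.from_bytes(buf[off:off + n], "big"), off + n
        if off + ln > len(buf):
            raise ValueError("truncated DER element")
        val, off = buf[off:off + ln], off + ln
        if tag & 0x20:                     # constructed: descend into it
            yield from walk(val)
        else:
            yield tag, val

def classify_blob(blob):
    """Name the authentication exchange a SessionSetupX security blob belongs to."""
    if blob.startswith(NTLMSSP_SIG) and len(blob) >= 12:
        return "raw NTLMSSP " + NTLM_TYPES.get(struct.unpack_from("<I", blob, 8)[0], "unknown")
    if blob[:1] not in (b"\x60", b"\xa1"): # neither GSSAPI initial token nor negTokenTarg
        return "no security blob recognised"
    try:
        items = list(walk(blob))
    except (ValueError, IndexError, RecursionError):
        return "malformed SPNEGO token"
    oids = [v for t, v in items if t == 0x06]
    if blob[0] == 0x60 and oids[:1] != [SPNEGO]:
        return "GSSAPI token, not SPNEGO"
    kind = "negTokenInit" if blob[0] == 0x60 else "negTokenTarg"
    mechs = "/".join(MECHS.get(o, "unknown") for o in oids if o != SPNEGO) or "-"
    inner = [classify_blob(v) for t, v in items if t == 0x04 and v.startswith(NTLMSSP_SIG)]
    return "SPNEGO %s mechs=%s token=%s" % (kind, mechs, inner[0] if inner else "-")

# Constructed sample blobs (minimal headers only, not captured traffic).
def tlv(tag, val):
    return bytes([tag, len(val)]) + val    # short-form DER, values under 128 bytes
def ntlm(msg_type):
    return NTLMSSP_SIG + struct.pack("<II", msg_type, 0)
INIT = tlv(0x60, tlv(0x06, SPNEGO) + tlv(0xA0, tlv(0x30, tlv(0xA0, tlv(0x30,
    b"".join(tlv(0x06, o) for o in MECHS))) + tlv(0xA2, tlv(0x04, ntlm(1))))))
TARG = tlv(0xA1, tlv(0x30, tlv(0xA0, tlv(0x0A, b"\x01")) + tlv(0xA2, tlv(0x04, ntlm(2)))))
```

Running `classify_blob` over the security blob of each SMBSessionSetupX request and response in a capture shows the roundtrips as a NEGOTIATE, CHALLENGE, AUTHENTICATE sequence, whether raw or inside SPNEGO.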