Simo Sorce
Simo Sorce
To respond to both your question, the MIC is not harmful ever, and I will accept a patch that will unconditionally add a MIC when NTLMv2 is negotiated and the...
Yes when a MIC is allowed and you are doing a Negotiate through the SPNEGO mechanism then we add a mechListMIC, this protects the whole SPNEGO negotiation as well, not...
Trace looks good too.
The mechListMIC is produced by the SPNEGO layer, at some point I knew all the reasons of why and when and how the mechListMIC was added as I had to...
Ah too bad, I would still love to see a patch that adds the NTLM level MIC unconditionally, I think that's the right way to go and may help.
@amandeepgautam can you remind me what implements the SPNEGO layer in the unsuccessful code? In the unsuccessful case I see the client sending an odd negresult: accept-incomplete(1) in the negTokenArg,...
I also see a difference in case for both domain name and host name in the unsuccessful attempt. The host name specifically may be a problem because the Workstation name...
I think the main oddity remains the SPNEGO malformed response, and that can easily cause the STATUS_INVALID_PARAMETER error I suppose.
Now that I released 1.1 we can take a look at this.
@amandeepgautam it should be easy enough, it is just a change of defaults. You can easily test if #6 is connected to this my unconditionally calling gss_inquire_sec_context_by_oid(ctx, spnego_req_mechlistMIC_oid) in your...