Based on the data below, looks like we can safely default to ntlmv2 in raw NTLMSSP for anything beyond NT4 SP3. Other than legacy servers (LANMAN), anyone aware of servers which will not accept this? "Windows accepts raw NTLM NEGOTIATE messages that are not embedded in [RFC2743] InitialContextTokens in the SecurityBlob of an SMB_COM_SESSION_SETUP_ANDX request packet. This was introduced in the NTLMv2 implementation of Windows NT 4 Service Pack 4. Windows servers do not accept NTLM messages that are properly contained inside a GSS InitialContextToken. The server responds with STATUS_INVALID_PARAMETER. ... GSSAPI/SPNEGO support for Kerberos and NTLMSSP was introduced in Windows 2000. " -- Thanks, Steve -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
