
3.1.5.1.1 Client Initiates the NEGOTIATE_MESSAGE

When the client application initiates the exchange through SSPI, the NTLM client sends the NEGOTIATE_MESSAGE to the server. The message is embedded in an application protocol message and encoded according to that application protocol.

If ClientBlocked == TRUE and targ_name ([RFC2743] section 2.2.1) does not equal any of the ClientBlockExceptions server names, then the NTLM client MUST return STATUS_NOT_SUPPORTED to the client application.<41>

The client prepares a NEGOTIATE_MESSAGE and sets the following fields:

  • The Signature field is set to the string "NTLMSSP".

  • The MessageType field is set to NtLmNegotiate.

The client sets the following configuration flags in the NegotiateFlags field of the NEGOTIATE_MESSAGE:

  • NTLMSSP_REQUEST_TARGET

  • NTLMSSP_NEGOTIATE_NTLM

  • NTLMSSP_NEGOTIATE_ALWAYS_SIGN

  • NTLMSSP_NEGOTIATE_UNICODE

If LM authentication is not being used, then the client sets the following configuration flag in the NegotiateFlags field of the NEGOTIATE_MESSAGE:

  • NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY

The client also sets, in the NegotiateFlags field, any flags specified by the application, in addition to the initialized flags.

If the NTLMSSP_NEGOTIATE_VERSION flag is set by the client application, the Version field MUST be set to the current version (section 2.2.2.10), the DomainName field MUST be set to a zero-length string, and the Workstation field MUST be set to a zero-length string.
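
The rules above can be exercised with a small builder and checker. This is an added example, not code from the specification; the numeric flag values, the NtLmNegotiate value and the byte layout are taken from MS-NLMP sections 2.2.2.5, 2.2.1.1 and 2.2.2.10 rather than from this page, and the function names and the version tuple are hypothetical.

```python
import struct

# Values and layout from MS-NLMP 2.2.2.5 / 2.2.1.1 (assumed; not on this page).
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
NTLMSSP_REQUEST_TARGET = 0x00000004
NTLMSSP_NEGOTIATE_NTLM = 0x00000200
NTLMSSP_NEGOTIATE_ALWAYS_SIGN = 0x00008000
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000
NTLMSSP_NEGOTIATE_VERSION = 0x02000000
NT_LM_NEGOTIATE = 0x00000001
BASE_FLAGS = (NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
              NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_UNICODE)
HEADER = struct.Struct("<8sIIHHIHHI")  # Signature .. WorkstationFields (32 bytes)


def build_negotiate(app_flags=0, use_lm=False, version=(0, 0, 0)):
    """Build a NEGOTIATE_MESSAGE per this section (empty DomainName/Workstation)."""
    flags = BASE_FLAGS | app_flags
    if not use_lm:
        flags |= NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    ver = bytes(8)  # all zero unless the application asked for VERSION
    if flags & NTLMSSP_NEGOTIATE_VERSION:
        # hypothetical (major, minor, build) tuple; 0x0F = NTLMRevisionCurrent
        ver = struct.pack("<BBH3xB", *version, 0x0F)
    off = HEADER.size + len(ver)
    return HEADER.pack(b"NTLMSSP\0", NT_LM_NEGOTIATE, flags,
                       0, 0, off, 0, 0, off) + ver


def check_negotiate(msg):
    """Return the ways msg deviates from this section's requirements."""
    if len(msg) < HEADER.size:
        return ["truncated message"]
    sig, mtype, flags, dlen, _, _, wlen, _, _ = HEADER.unpack_from(msg)
    issues = []
    if sig != b"NTLMSSP\0":
        issues.append("bad Signature")
    if mtype != NT_LM_NEGOTIATE:
        issues.append("MessageType is not NtLmNegotiate")
    if (flags & BASE_FLAGS) != BASE_FLAGS:
        issues.append("missing base flags 0x%08x" % (BASE_FLAGS & ~flags))
    if not flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
        issues.append("extended session security not requested")
    if flags & NTLMSSP_NEGOTIATE_VERSION:
        if len(msg) < HEADER.size + 8:
            issues.append("VERSION flag set but Version field absent")
        if dlen or wlen:
            issues.append("VERSION flag set but DomainName/Workstation not empty")
    return issues
```

A message reported with "extended session security not requested" corresponds to the LM authentication case described above, which is worth surfacing when reviewing captured tokens.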

© 2014 Microsoft