3.3.5.3.1 SMB 2.1 or SMB 3.x Support

If the server does not implement the SMB 2.1 or 3.x dialect family, processing MUST continue as specified in 3.3.5.3.2.

Otherwise, the server MUST scan the dialects provided for the dialect string "SMB 2.???". If the string is not present, continue to section 3.3.5.3.2. If the string is present, the server MUST respond with an SMB2 NEGOTIATE Response as specified in 2.2.4. If the string is present and the underlying connection is either TCP port 445 or RDMA, Connection.SupportsMultiCredit MUST be set to TRUE. 

The server MUST set the command of the SMB2 header to SMB2 NEGOTIATE. All other values MUST be set following the syntax specified in section 2.2.1, and any value not defined there with a default MUST be set to 0. The header is followed by an SMB2 NEGOTIATE Response that MUST be constructed as specified in 2.2.4, with the following specific values:

  • SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set.

  • If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode.

  • DialectRevision MUST be set to 0x02FF.

  • ServerGuid is set to the global ServerGuid value.

  • The Capabilities field MUST be set to a combination of zero or more of the following bit values, as specified in section 2.2.4:

    • SMB2_GLOBAL_CAP_DFS if the server supports the Distributed File System.

    • SMB2_GLOBAL_CAP_LEASING if the server supports leasing.

    • SMB2_GLOBAL_CAP_LARGE_MTU if Connection.SupportsMultiCredit is TRUE.

  • MaxTransactSize is set to the maximum buffer size, in bytes, that the server will accept on this connection for QUERY_INFO, QUERY_DIRECTORY, SET_INFO, and CHANGE_NOTIFY operations. This field is applicable only for buffers sent by the client in SET_INFO requests, or returned from the server in QUERY_INFO, QUERY_DIRECTORY, and CHANGE_NOTIFY responses. This value SHOULD<222> be greater than or equal to 65536. Connection.MaxTransactSize MUST be set to MaxTransactSize.

  • MaxReadSize is set to the maximum size, in bytes, of the Length in an SMB2 READ Request (2.2.19) that the server will accept on the transport that established this connection. This value SHOULD<223> be greater than or equal to 65536. Connection.MaxReadSize MUST be set to MaxReadSize.

  • MaxWriteSize is set to the maximum size, in bytes, of the Length in an SMB2 Write Request (2.2.21) that the server will accept on the transport that established this connection. This value SHOULD<224> be greater than or equal to 65536. Connection.MaxWriteSize MUST be set to MaxWriteSize.

  • SystemTime is set to the current time, in FILETIME format as specified in [MS-DTYP] section 2.3.3.

  • ServerStartTime is set to the global ServerStartTime value.

  • SecurityBufferOffset is set to the offset to the Buffer field in the response, in bytes, from the beginning of the SMB2 header.

  • SecurityBufferLength is set to the length of the data being returned in the Buffer field.

  • Buffer is filled with a GSS token, generated as follows. Alternatively, an empty Buffer MAY be returned, which elicits client-initiated authentication with an authentication protocol of the client's choice.

The generation of the GSS token for the SMB2 NEGOTIATE Response MUST be done as specified in [MS-SPNG] 3.2.5.2. The server MUST initialize the mechanism with the Integrity, Confidentiality, and Delegate options and use the server-initiated variation as specified in [MS-SPNG] section 3.2.5.2.

Connection.NegotiateDialect MUST be set to 0x02FF, and the response is sent to the client.

Show: