No. Time Source Destination Protocol Info Client-IP NetApp-IP SMB Negotiate Protocol Request Frame 101: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) Ethernet II, Src: Client-Mac, Dst: NetApp-Mac Internet Protocol, Src: Client-IP, Dst: NetApp-IP NetBIOS Session Service Message Type: Session message Length: 78 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 102] SMB Command: Negotiate Protocol (0x72) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc801 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 0 Process ID: 4596 User ID: 0 Multiplex ID: 1 Negotiate Protocol Request (0x72) Word Count (WCT): 0 Byte Count (BCC): 43 Requested Dialects Dialect: LM1.2X002 Buffer Format: Dialect (2) Name: LM1.2X002 Dialect: LANMAN2.1 Buffer Format: Dialect (2) Name: LANMAN2.1 Dialect: NT LM 0.12 Buffer Format: Dialect (2) Name: NT LM 0.12 Dialect: POSIX 2 Buffer Format: Dialect (2) Name: POSIX 2 No. Time Source Destination Protocol Info NetApp-IP Client-IP SMB Negotiate Protocol Response Frame 102: 225 bytes on wire (1800 bits), 225 bytes captured (1800 bits) Ethernet II, Src: NetApp-Mac, Dst: Client-Mac Internet Protocol, Src: NetApp-IP, Dst: Client-IP Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 40522 (40522), Seq: 1, Ack: 83, Len: 159 NetBIOS Session Service Message Type: Session message Length: 155 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 101] [Time from request: 0.000617000 seconds] SMB Command: Negotiate Protocol (0x72) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x98 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0x8001 1... .... .... .... = Unicode Strings: Strings are Unicode .0.. .... .... .... = Error Code Type: Error codes are DOS error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 0 Process ID: 4596 User ID: 0 Multiplex ID: 1 Negotiate Protocol Response (0x72) Word Count (WCT): 17 Dialect Index: 2: NT LM 0.12 Security Mode: 0x07 .... ...1 = Mode: USER security mode .... ..1. = Password: ENCRYPTED password. Use challenge/response .... .1.. = Signatures: Security signatures ENABLED .... 0... = Sig Req: Security signatures NOT required Max Mpx Count: 126 Max VCs: 1 Max Buffer Size: 33028 Max Raw Buffer: 65536 Session Key: 0x6b4c12b9 Capabilities: 0x8000d3fd .... .... .... .... .... .... .... ...1 = Raw Mode: Read Raw and Write Raw are supported .... .... .... .... .... .... .... ..0. = MPX Mode: Read Mpx and Write Mpx are not supported .... .... .... .... .... .... .... .1.. = Unicode: Unicode strings are supported .... .... .... .... .... .... .... 1... = Large Files: Large files are supported .... .... .... .... .... .... ...1 .... = NT SMBs: NT SMBs are supported .... .... .... .... .... .... ..1. .... = RPC Remote APIs: RPC remote APIs are supported .... .... .... .... .... .... .1.. .... = NT Status Codes: NT status codes are supported .... .... .... .... .... .... 1... .... = Level 2 Oplocks: Level 2 oplocks are supported .... .... .... .... .... ...1 .... .... = Lock and Read: Lock and Read is supported .... .... .... .... .... ..1. .... .... = NT Find: NT Find is supported .... .... .... .... ...1 .... .... .... = Dfs: Dfs is supported .... .... .... .... ..0. .... .... .... = Infolevel Passthru: NT information level request passthrough is not supported .... .... .... .... .1.. .... .... .... = Large ReadX: Large Read andX is supported .... .... .... .... 1... .... .... .... = Large WriteX: Large Write andX is supported .... .... 0... .... .... .... .... .... = UNIX: UNIX extensions are not supported .... ..0. .... .... .... .... .... .... = Reserved: Reserved ..0. .... .... .... .... .... .... .... = Bulk Transfer: Bulk Read and Bulk Write are not supported .0.. .... .... .... .... .... .... .... = Compressed Data: Compressed data transfer is not supported 1... .... .... .... .... .... .... .... = Extended Security: Extended security exchanges are supported System Time: May 10, 2011 16:56:23.945396000 CEST Server Time Zone: -120 min from UTC Key Length: 0 Byte Count (BCC): 86 Server GUID: 4505000gda5ff25e695c5d7f47c94b47 Security Blob: 604406062b0601050502a03a3038a018301606092a864882... GSS-API Generic Security Service Application Program Interface OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation) Simple Protected Negotiation negTokenInit mechTypes: 2 items MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5) MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5) mechListMIC: 301aa0181b1666696c657230322440494e5452414e45542e... principal: filer02$@MY.REALM No. Time Source Destination Protocol Info Client-IP NetApp-IP SMB Session Setup AndX Request Frame 106: 534 bytes on wire (4272 bits), 534 bytes captured (4272 bits) Ethernet II, Src: Client-Mac, Dst: NetApp-Mac Internet Protocol, Src: Client-IP, Dst: NetApp-IP Transmission Control Protocol, Src Port: 40522 (40522), Dst Port: microsoft-ds (445), Seq: 1531, Ack: 160, Len: 468 NetBIOS Session Service Message Type: Session message Length: 1912 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 107] SMB Command: Session Setup AndX (0x73) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xd805 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...1 .... .... .... = Dfs: Resolve pathnames with Dfs .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: d223861c9cb23187 Reserved: 0000 Tree ID: 0 Process ID: 4596 User ID: 0 Multiplex ID: 2 Session Setup AndX Request (0x73) Word Count (WCT): 12 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 0 Max Buffer: 33028 Max Mpx Count: 126 VC Number: 3 Session Key: 0x6b4c12b9 Security Blob Length: 1736 Reserved: 00000000 Capabilities: 0x8000d0dc .... .... .... .... .... .... .... ...0 = Raw Mode: Read Raw and Write Raw are not supported .... .... .... .... .... .... .... ..0. = MPX Mode: Read Mpx and Write Mpx are not supported .... .... .... .... .... .... .... .1.. = Unicode: Unicode strings are supported .... .... .... .... .... .... .... 1... = Large Files: Large files are supported .... .... .... .... .... .... ...1 .... = NT SMBs: NT SMBs are supported .... .... .... .... .... .... ..0. .... = RPC Remote APIs: RPC remote APIs are not supported .... .... .... .... .... .... .1.. .... = NT Status Codes: NT status codes are supported .... .... .... .... .... .... 1... .... = Level 2 Oplocks: Level 2 oplocks are supported .... .... .... .... .... ...0 .... .... = Lock and Read: Lock and Read is not supported .... .... .... .... .... ..0. .... .... = NT Find: NT Find is not supported .... .... .... .... ...1 .... .... .... = Dfs: Dfs is supported .... .... .... .... ..0. .... .... .... = Infolevel Passthru: NT information level request passthrough is not supported .... .... .... .... .1.. .... .... .... = Large ReadX: Large Read andX is supported .... .... .... .... 1... .... .... .... = Large WriteX: Large Write andX is supported .... .... 0... .... .... .... .... .... = UNIX: UNIX extensions are not supported .... ..0. .... .... .... .... .... .... = Reserved: Reserved ..0. .... .... .... .... .... .... .... = Bulk Transfer: Bulk Read and Bulk Write are not supported .0.. .... .... .... .... .... .... .... = Compressed Data: Compressed data transfer is not supported 1... .... .... .... .... .... .... .... = Extended Security: Extended security exchanges are supported Byte Count (BCC): 1853 Security Blob: 608206c406062b0601050502a08206b8308206b4a00d300b... GSS-API Generic Security Service Application Program Interface OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation) Simple Protected Negotiation negTokenInit mechTypes: 1 item MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5) mechToken: 6082069906092a864886f71201020201006e820688308206... krb5_blob: 6082069906092a864886f71201020201006e820688308206... KRB5 OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5) krb5_tok_id: KRB5_AP_REQ (0x0001) Kerberos AP-REQ Pvno: 5 MSG Type: AP-REQ (14) Padding: 0 APOptions: 00000000 0... .... .... .... .... .... .... .... = reserved: RESERVED bit off .0.. .... .... .... .... .... .... .... = Use Session Key: Do NOT use the session key to encrypt the ticket ..0. .... .... .... .... .... .... .... = Mutual required: Mutual authentication is NOT required Ticket Tkt-vno: 5 Realm: MY.REALM Server Name (Principal): cifs/filer02.my.realm Name-type: Principal (1) Name: cifs Name: filer02.my.realm enc-part rc4-hmac Encryption type: rc4-hmac (23) Kvno: 3 enc-part: fa7df5e8a541686093c3b37d143290db906b602a2d786976... Authenticator rc4-hmac Encryption type: rc4-hmac (23) Authenticator data: 49724ea25d4311fae185efaaa024138d31e0a73a1e02e040... Native OS: Linux version 2.6.38-8-generic Native LAN Manager: CIFS VFS Client for Linux Primary Domain: No. Time Source Destination Protocol Info NetApp-IP Client-IP SMB KRB Error: KRB5KRB_AP_ERR_MODIFIED, Error: STATUS_MORE_PROCESSING_REQUIRED Frame 107: 314 bytes on wire (2512 bits), 314 bytes captured (2512 bits) Ethernet II, Src: NetApp-Mac, Dst: Client-Mac Internet Protocol, Src: NetApp-IP, Dst: Client-IP NetBIOS Session Service Message Type: Session message Length: 244 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 106] [Time from request: 0.001178000 seconds] SMB Command: Session Setup AndX (0x73) NT Status: STATUS_MORE_PROCESSING_REQUIRED (0xc0000016) Flags: 0x98 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized .... 1... = Case Sensitivity: Path names are caseless .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported Flags2: 0xc807 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .1.. = Security Signatures: Security signatures are supported .... .... .... ..1. = Extended Attributes: Extended attributes are supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: d223861c9cb23187 Reserved: 0000 Tree ID: 0 Process ID: 4596 User ID: 2048 Multiplex ID: 2 Session Setup AndX Response (0x73) Word Count (WCT): 4 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 0 Action: 0x0000 .... .... .... ...0 = Guest: Not logged in as GUEST Security Blob Length: 126 Byte Count (BCC): 201 Security Blob: a17c307aa0030a0101a10b06092a864886f712010202a266... GSS-API Generic Security Service Application Program Interface Simple Protected Negotiation negTokenTarg negResult: accept-incomplete (1) supportedMech: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5) responseToken: 606206092a864886f71201020203007e533051a003020105... krb5_blob: 606206092a864886f71201020203007e533051a003020105... KRB5 OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5) krb5_tok_id: KRB5_ERROR (0x0003) Kerberos KRB-ERROR Pvno: 5 MSG Type: KRB-ERROR (30) stime: 2011-05-10 14:56:23 (UTC) susec: 951396 error_code: KRB5KRB_AP_ERR_MODIFIED (41) Realm: MY.REALM Server Name (Principal): FILER02$ Name-type: Principal (1) Name: FILER02$ Native OS: Windows 5.0 Native LAN Manager: Windows 2000 LAN Manager