3.2.5.2 Receiving an SMB_COM_NEGOTIATE Response
Processing of an SMB_COM_NEGOTIATE response is handled as specified in [MS-CIFS] section 3.2.5.2 with the following additions:
Storing extended security token and ServerGUID
If the capabilities returned in the SMB_COM_NEGOTIATE response include CAP_EXTENDED_SECURITY, then the response MUST take the form defined in section 2.2.4.5.2, and the client MUST set the Client.Connection.GSSNegotiateToken to the value returned in the SecurityBlob field in the SMB_COM_NEGOTIATE server response.<93> If SecurityBlobLength is 0, then client-initiated authentication, with an authentication protocol of the client's choice, will be used instead of server-initiated SPNEGO authentication as described in [MS-AUTHSOD] section 2.1.2.2. The client MUST also set the Client.Connection.ServerGUID to the value returned in the ServerGUID field in the SMB_COM_NEGOTIATE server response.<94>