diff options
author | Günther Deschner <gd@samba.org> | 2008-04-02 02:29:48 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-04-02 11:12:47 +0200 |
commit | 0970369ca0cb9ae465cff40e5c75739824daf1d0 (patch) | |
tree | 920de08a1bb76e9c7b89092db245133576828b09 /source/auth/auth_domain.c | |
parent | 547eacf6058d2bc5b41b266b70f8f4747aca4eae (diff) | |
download | samba-0970369ca0cb9ae465cff40e5c75739824daf1d0.tar.gz |
Fix NETLOGON credential chain with Windows 2008 all over the place.
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.
Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.
Guenther
Diffstat (limited to 'source/auth/auth_domain.c')
-rw-r--r-- | source/auth/auth_domain.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c index c9aa0648f45..f526677eca6 100644 --- a/source/auth/auth_domain.c +++ b/source/auth/auth_domain.c @@ -126,7 +126,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); if (!lp_client_schannel()) { /* We need to set up a creds chain on an unauthenticated netlogon pipe. */ - uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; uint32 sec_chan_type = 0; unsigned char machine_pwd[16]; const char *account_name; |