s3-winbindd: Allow winbindd to connect over SMB2 to servers

This allows SMB signing to work against many more DCs, and so improves network security.

The default for "client max protocol" remains NT1 in the rest of the code.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 14f6256c515ff4af4f478f947ad89b7edc8743cf)

1 files changed, 19 insertions, 1 deletions

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 884cc45e25c..d2afac780d7 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -643,7 +643,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.max_open_files = max_open_files();
 	Globals.server_max_protocol = PROTOCOL_SMB3_00;
 	Globals.server_min_protocol = PROTOCOL_LANMAN1;
-	Globals.client_max_protocol = PROTOCOL_NT1;
+	Globals._client_max_protocol = PROTOCOL_DEFAULT;
 	Globals.client_min_protocol = PROTOCOL_CORE;
 	Globals._security = SEC_AUTO;
 	Globals.encrypt_passwords = true;
@@ -4336,6 +4336,24 @@ int lp_security(void)
 				lp__security());
 }
 
+int lp_client_max_protocol(void)
+{
+	int client_max_protocol = lp__client_max_protocol();
+	if (client_max_protocol == PROTOCOL_DEFAULT) {
+		return PROTOCOL_NT1;
+	}
+	return client_max_protocol;
+}
+
+int lp_winbindd_max_protocol(void)
+{
+	int client_max_protocol = lp__client_max_protocol();
+	if (client_max_protocol == PROTOCOL_DEFAULT) {
+		return PROTOCOL_LATEST;
+	}
+	return client_max_protocol;
+}
+
 struct loadparm_global * get_globals(void)
 {
 	return &Globals;