SPNEGO works perfectly well with security=domain, so don't exclude it.

(This used to be commit 26a9479ad450a5135e54b45d659bf3558892d9e6)

1 files changed, 7 insertions, 3 deletions

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index e4285cb27c..045e16a9bb 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -159,7 +159,7 @@ static int reply_lanman2(char *inbuf, char *outbuf)
 /* 
    generate the spnego negprot reply blob. Return the number of bytes used
 */
-static int negprot_spnego(char *p, uint8 cryptkey[8])
+static int negprot_spnego(char *p)
 {
 	DATA_BLOB blob;
 	extern pstring global_myname;
@@ -217,7 +217,8 @@ static int reply_nt1(char *inbuf, char *outbuf)
 		/* do spnego in user level security if the client
 		   supports it and we can do encrypted passwords */
 		if (global_encrypted_passwords_negotiated && 
-		    lp_security() == SEC_USER &&
+		    (lp_security() == SEC_USER ||
+		     lp_security() == SEC_DOMAIN) &&
 		    (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
 			negotiate_spnego = True;
 			capabilities |= CAP_EXTENDED_SECURITY;
@@ -285,10 +286,13 @@ static int reply_nt1(char *inbuf, char *outbuf)
 		if (global_encrypted_passwords_negotiated) memcpy(p, cryptkey, 8);
 		SSVALS(outbuf,smb_vwv16+1,8);
 		p += 8;
+		DEBUG(3,("not using SPNEGO\n"));
 	} else {
-		int len = negprot_spnego(p, cryptkey);
+		int len = negprot_spnego(p);
+		
 		SSVALS(outbuf,smb_vwv16+1,len);
 		p += len;
+		DEBUG(3,("using SPNEGO\n"));
 	}
 	p += srvstr_push(outbuf, p, global_myworkgroup, -1, 
 			 STR_UNICODE|STR_TERMINATE|STR_NOALIGN);