Fix NETLOGON credential chain with Windows 2008 all over the place.

In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
author: Günther Deschner <gd@samba.org> 2008-04-02 02:29:48 +0200
committer: Günther Deschner <gd@samba.org> 2008-04-02 11:12:47 +0200
commit: 99d35904552b01ef9f2adc40e16887da9eb4de69 (patch)
tree: 9362193c6a4a8a3dbc51e51f0c6c39416fd1dbe6 /source3/rpcclient
parent: 5b07337cc5e853d0f02554593f4eb842191d67e5 (diff)
download: samba-99d35904552b01ef9f2adc40e16887da9eb4de69.tar.gz
samba-99d35904552b01ef9f2adc40e16887da9eb4de69.tar.bz2
samba-99d35904552b01ef9f2adc40e16887da9eb4de69.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 5e87058111..52dba2291b 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -607,7 +607,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 		}
 
 		if (cmd_entry->pipe_idx == PI_NETLOGON) {
-			uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
+			uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 			uint32 sec_channel_type;
 			uchar trust_password[16];
author	Günther Deschner <gd@samba.org>	2008-04-02 02:29:48 +0200
committer	Günther Deschner <gd@samba.org>	2008-04-02 11:12:47 +0200
commit	99d35904552b01ef9f2adc40e16887da9eb4de69 (patch)
tree	9362193c6a4a8a3dbc51e51f0c6c39416fd1dbe6 /source3/rpcclient
parent	5b07337cc5e853d0f02554593f4eb842191d67e5 (diff)
download	samba-99d35904552b01ef9f2adc40e16887da9eb4de69.tar.gz samba-99d35904552b01ef9f2adc40e16887da9eb4de69.tar.bz2 samba-99d35904552b01ef9f2adc40e16887da9eb4de69.zip