diff options
author | Günther Deschner <gd@samba.org> | 2008-04-02 02:29:48 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2008-04-02 11:12:47 +0200 |
commit | 99d35904552b01ef9f2adc40e16887da9eb4de69 (patch) | |
tree | 9362193c6a4a8a3dbc51e51f0c6c39416fd1dbe6 /source3/utils | |
parent | 5b07337cc5e853d0f02554593f4eb842191d67e5 (diff) | |
download | samba-99d35904552b01ef9f2adc40e16887da9eb4de69.tar.gz samba-99d35904552b01ef9f2adc40e16887da9eb4de69.tar.bz2 samba-99d35904552b01ef9f2adc40e16887da9eb4de69.zip |
Fix NETLOGON credential chain with Windows 2008 all over the place.
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.
Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.
Guenther
(This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/net_rpc_join.c | 4 | ||||
-rw-r--r-- | source3/utils/net_rpc_samsync.c | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 45c0fe5097..ea3bb10c22 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -46,7 +46,7 @@ NTSTATUS net_rpc_join_ok(const char *domain, const char *server, { enum security_types sec; unsigned int conn_flags = NET_FLAGS_PDC; - uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; struct rpc_pipe_client *netlogon_pipe = NULL; @@ -133,7 +133,7 @@ int net_rpc_join_newstyle(int argc, const char **argv) struct cli_state *cli; TALLOC_CTX *mem_ctx; uint32 acb_info = ACB_WSTRUST; - uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; uint32 sec_channel_type; struct rpc_pipe_client *pipe_hnd = NULL; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 87d35b3ef6..986499731a 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -412,7 +412,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; - uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; uint32 sec_channel_type = 0; if (!secrets_fetch_trust_account_password(domain_name, |