added 'security=ADS'

(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)

3 files changed, 9 insertions, 1 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index d3b999f3cb..1d7612e9e8 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1282,7 +1282,7 @@ char *strdup(char *s);
 enum protocol_types {PROTOCOL_NONE,PROTOCOL_CORE,PROTOCOL_COREPLUS,PROTOCOL_LANMAN1,PROTOCOL_LANMAN2,PROTOCOL_NT1};
 
 /* security levels */
-enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN};
+enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
 
 /* server roles */
 enum server_types
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 548dd83769..b967c5b63f 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -547,6 +547,7 @@ static struct enum_list enum_security[] = {
 	{SEC_USER, "USER"},
 	{SEC_SERVER, "SERVER"},
 	{SEC_DOMAIN, "DOMAIN"},
+	{SEC_ADS, "ADS"},
 	{-1, NULL}
 };
 
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index d080c23332..8a01a59bf2 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -171,6 +171,13 @@ static int negprot_spnego(char *p)
 	safe_strcpy((char *)guid, global_myname, 16);
 	strlower((char *)guid);
 
+	/* strangely enough, NT does not sent the single OID NTLMSSP when
+	   not a ADS member, it sends no OIDs at all */
+	if (lp_security() != SEC_ADS) {
+		memcpy(p, guid, 16);
+		return 16;
+	}
+
 	/* win2000 uses host$@REALM, which we will probably use eventually,
 	   but for now this works */
 	asprintf(&principal, "HOST/%s@%s", guid, lp_realm());