summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_netlogon.c11
-rw-r--r--source3/rpc_client/cli_pipe.c4
2 files changed, 13 insertions, 2 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index ec16186462..851a4a8da8 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -132,6 +132,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
struct netr_Credential clnt_chal_send;
struct netr_Credential srv_chal_recv;
struct dcinfo *dc;
+ bool retried = false;
SMB_ASSERT(cli->pipe_idx == PI_NETLOGON);
@@ -153,6 +154,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
fstr_sprintf( dc->mach_acct, "%s$", machine_account);
+ again:
/* Create the client challenge. */
generate_random_buffer(clnt_chal_send.data, 8);
@@ -186,6 +188,15 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
&clnt_chal_send, /* input. */
&srv_chal_recv, /* output. */
neg_flags_inout);
+
+ /* we might be talking to NT4, so let's downgrade in that case and retry
+ * with the returned neg_flags - gd */
+
+ if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && !retried) {
+ retried = true;
+ goto again;
+ }
+
if (!NT_STATUS_IS_OK(result)) {
return result;
}
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 1fd06f868e..71422cd9ad 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2600,7 +2600,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state
const char *password,
NTSTATUS *perr)
{
- uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
@@ -2634,7 +2634,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli,
const char *domain,
NTSTATUS *perr)
{
- uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;