1 files changed, 6 insertions, 8 deletions

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 16427b00d7..2be04fd686 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -170,9 +170,9 @@ static int negprot_spnego(char *p)
 	DATA_BLOB blob;
 	extern pstring global_myname;
 	uint8 guid[16];
-	const char *OIDs_krb5[] = {OID_KERBEROS5,
+	const char *OIDs_krb5[] = {OID_NTLMSSP,
+				   OID_KERBEROS5,
 				   OID_KERBEROS5_OLD,
-				   OID_NTLMSSP,
 				   NULL};
 	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
 	char *principal;
@@ -199,7 +199,9 @@ static int negprot_spnego(char *p)
 	if (lp_security() != SEC_ADS) {
 		blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
 	} else {
-		asprintf(&principal, "%s$@%s", guid, lp_realm());
+		/* win2000 uses host$@REALM, which we will probably use eventually,
+		   but for now this works */
+		asprintf(&principal, "HOST/%s@%s", guid, lp_realm());
 		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
 		free(principal);
 	}
@@ -237,11 +239,7 @@ static int reply_nt1(char *inbuf, char *outbuf)
 		capabilities |= CAP_EXTENDED_SECURITY;
 	}
 	
-	capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS;
-
-	if (lp_unix_extensions()) {
-		capabilities |= CAP_UNIX;
-	}
+	capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS|CAP_UNIX;
 	
 	if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64))
 		capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;