2 files changed, 17 insertions, 0 deletions

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index fb487dfdcf..a2ca897981 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -543,9 +543,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
 	uint32_t context_id;
 	const struct dcesrv_interface *iface;
 
+#if 0
+	/* It is not safe to enable this check - windows clients
+	 * (WinXP in particular) will use it for NETLOGON calls, for
+	 * the subsequent SCHANNEL bind.  It turns out that NETLOGON
+	 * calls include no policy handles, so it is safe there.  Let
+	 * the failure occour on the attempt to reuse a poilcy handle,
+	 * rather than here */
+
+	/* Association groups allow policy handles to be shared across
+	 * multiple client connections.  We don't implement this yet. */
 	if (call->pkt.u.bind.assoc_group_id != 0) {
 		return dcesrv_bind_nak(call, 0);	
 	}
+#endif
 
 	if (call->pkt.u.bind.num_contexts < 1 ||
 	    call->pkt.u.bind.ctx_list[0].num_transfer_syntaxes < 1) {
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index 21d17c5caa..3e129e4f6b 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -3,9 +3,15 @@
 #
 ## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
 ## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+
 ## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+
 ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
+### see dsdb/samdb/samdb.h
+
 ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
+### see dsdb/samdb/samdb.h
+
 ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
 #
 #