From 99d35904552b01ef9f2adc40e16887da9eb4de69 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 2 Apr 2008 02:29:48 +0200 Subject: Fix NETLOGON credential chain with Windows 2008 all over the place. In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0) --- source3/rpcclient/rpcclient.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpcclient/rpcclient.c') diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 5e87058111..52dba2291b 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -607,7 +607,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, } if (cmd_entry->pipe_idx == PI_NETLOGON) { - uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; uint32 sec_channel_type; uchar trust_password[16]; -- cgit