From 17d124490b79cf14e53263eaef333756e18f7ff2 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Mon, 12 Dec 2011 19:28:49 +0100
Subject: s4-librpc: Fix NETLOGON credential chain with Windows 2008.

Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call netrServerAuthenticate2 during a domain join without setting the strong keys flag (128bit crypto). Only for NT4 we need to do a downgrade to the returned negotiate flags. See also 0970369ca0cb9ae465cff40e5c75739824daf1d0.
---
 source4/winbind/wb_init_domain.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'source4/winbind')
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index 9847afbba0..9d807d8776 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
@@ -154,7 +154,7 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx,
 (lpcfg_server_role(service->task->lp_ctx) == ROLE_DOMAIN_CONTROLLER)) && (dom_sid_equal(state->domain->info->sid, state->service->primary_sid))) {
- state->domain->netlogon_binding->flags |= DCERPC_SCHANNEL | DCERPC_SCHANNEL_128;
+ state->domain->netlogon_binding->flags |= DCERPC_SCHANNEL | DCERPC_SCHANNEL_AUTO;
 /* For debugging, it can be a real pain if all the traffic is encrypted */
 if (lpcfg_winbind_sealed_pipes(service->task->lp_ctx)) {
@@ -236,7 +236,7 @@ static bool retry_with_schannel(struct init_domain_state *state,
 * NTLMSSP binds */
 /* Try again with schannel */
- binding->flags |= DCERPC_SCHANNEL;
+ binding->flags |= DCERPC_SCHANNEL | DCERPC_SCHANNEL_AUTO;
 /* Try again, likewise on the same IPC$ share, secured with SCHANNEL */
-- cgit
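Review bot: Both changed lines (the `netlogon_binding->flags` assignment in wb_init_domain_send and the `binding->flags` assignment in retry_with_schannel) now request `DCERPC_SCHANNEL_AUTO`, and nothing in either hunk states or enforces the weakest key strength that auto-negotiation may settle on. The commit message says the downgrade is meant for NT4 only, but that restriction presumably lives in the credential-chain code outside this diff; if it is not enforced there, a peer that answers with reduced negotiate flags could take the primary-domain channel below the 128-bit level the first hunk used to request explicitly. I would document the intent at each site, for example `/* AUTO: offer strong (128-bit) keys first; fall back to the server's negotiate flags only for NT4-style DCs */`, and log the negotiated flags once the bind completes so that a downgrade shows up in the winbind logs. Both enclosing functions start and end outside the hunks, so whether a later check on the negotiated flags already exists cannot be told from here.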