how to disable the CAP_EXTENDED_SECURITY bit on win2k ?
Gerald (Jerry) Carter
jerry at samba.org
Tue Nov 13 13:23:03 GMT 2001
On Tue, 13 Nov 2001, Mayers, Philip J wrote:
> I don't think you can - it is always sent by the server if the client
> 0x0800 in the Flags2 of the NegProt, IIRC. What's the specific problem
> you're having?
Somewhere along the way we are diverging from WIN2K and causing
the Win2k client to hit an untyested code path. For example,
while logged onto a local Win2k client as Administrator and connected to a
Samba 2.2 server as root, the Win2k client issues an additional
anonymous SMBsessetup&x and tcon to IPC$. The client then proceeds to
issue several SETPRINTERDATA calls while installing a printer.
Note that since these are done on the anonymous connection, the printer's
security descriptor disallows the updates. Not that the SETPRINTERDATA
calls are issued using a printer handle that was opened with only
PRINTER_ACCESS_USE access!!! Arrghhh!!
(and yes this looks like a client bug in case you were wondering)
I need to disable the extended security capability bit on the Win2k
server so I can see if this causes the same behavior on the client
(anonymous connection and issue SETPRINTER calls).
More information about the samba-technical