svn commit: samba r6219 - in branches/SAMBA_4_0/source: librpc/rpc ntvfs/posix

Andrew Tridgell tridge at
Wed Apr 6 23:05:23 GMT 2005


 > I was testing Samba 4 joined as a domain member to an NT PDC, and
 > authentication was not working because we could not set up credentials for
 > the NetLogon channel.

Please back this change out, and your pvfs change.

For the schannel work, please add something like this for the moment:

  if (!lp_parm_bool(-1, "schannel", "128bit", True)) {
	p->conn->flags &= ~DCERPC_SCHANNEL_128;

then use "schannel:128bit = False" in smb.conf or --option schannel:128bit=False
on the smbd command line.

That is a short term fix to allow you to do your work. The longer term
fix is to work out the _correct_ way to do this negotiation, and to
fix it rather than a "try one and then try the other" approach. I
would be very surprised to find that w2k->NT4 does this, instead I
would expect that the flags get chosen based on some other negotiation

I know you were just being pragmatic, but it is important that we do
stuff like this properly and not just hack in something that
works. When we don't yet know how to do it properly, it is better to
have an option for the moment.

Cheers, Tridge

More information about the samba-technical mailing list