svn commit: samba r6219 - in branches/SAMBA_4_0/source: librpc/rpc ntvfs/posix

Andrew Bartlett abartlet at
Wed Apr 6 23:11:22 GMT 2005

On Thu, 2005-04-07 at 09:05 +1000, Andrew Tridgell wrote:
> Richard,
>  > I was testing Samba 4 joined as a domain member to an NT PDC, and
>  > authentication was not working because we could not set up credentials for
>  > the NetLogon channel.
> Please back this change out, and your pvfs change.
> For the schannel work, please add something like this for the moment:
>   if (!lp_parm_bool(-1, "schannel", "128bit", True)) {
> 	p->conn->flags &= ~DCERPC_SCHANNEL_128;
>   }

This belongs in auth_domain.c, btw.  That is where we are requesting 128
bit security in the first place, and that is where we should option it

> then use "schannel:128bit = False" in smb.conf or --option schannel:128bit=False
> on the smbd command line.
> That is a short term fix to allow you to do your work. The longer term
> fix is to work out the _correct_ way to do this negotiation, and to
> fix it rather than a "try one and then try the other" approach. I
> would be very surprised to find that w2k->NT4 does this, instead I
> would expect that the flags get chosen based on some other negotiation
> path.

This certainly will be interesting to explore.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list