svn commit: samba r6219 - in branches/SAMBA_4_0/source: librpc/rpc ntvfs/posix

Andrew Bartlett abartlet at samba.org
Wed Apr 6 23:11:22 GMT 2005


On Thu, 2005-04-07 at 09:05 +1000, Andrew Tridgell wrote:
> Richard,
> 
>  > I was testing Samba 4 joined as a domain member to an NT PDC, and
>  > authentication was not working because we could not set up credentials for
>  > the NetLogon channel.
> 
> Please back this change out, and your pvfs change.
> 
> For the schannel work, please add something like this for the moment:
> 
>   if (!lp_parm_bool(-1, "schannel", "128bit", True)) {
>       p->conn->flags &= ~DCERPC_SCHANNEL_128;
>   }

This belongs in auth_domain.c, btw.  That is where we are requesting 128
bit security in the first place, and that is where we should option it
out.  

> then use "schannel:128bit = False" in smb.conf or --option schannel:128bit=False
> on the smbd command line.
> 
> That is a short term fix to allow you to do your work. The longer term
> fix is to work out the _correct_ way to do this negotiation, and to
> fix it rather than a "try one and then try the other" approach. I
> would be very surprised to find that w2k->NT4 does this; instead I
> would expect that the flags get chosen based on some other negotiation
> path.

This certainly will be interesting to explore.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net