[PATCH] Joining a Windows Server 2008 (Longhorn)

Matt Geddes musicalcarrion at gmail.com
Mon Jan 21 19:27:54 GMT 2008

In case anyone's interested, the specific bit that needs to be set for
neg_flags in NetrServerAuthenticate2 (and NetrServerAuthenticate3) to
work against Windows 2008 Server seems to be 0x4000
(NETLOGON_NEG_128BIT). I did a quick test over the weekend that had a
script that set the neg_flags through an smb.conf parameter and tried
a join. It tried all of the combinations of the bits that are
different between Samba/NT (0x400701ff) and 2K8 (0x600fffff):
0x2008fe00. There were one or two combinations that, with that bit
set, still failed, but apart from that it was pretty consistent.

Incidentally, messing around with the sign-and-seal settings in
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters seems to
have an effect on the same flag coming from Windows Server 2003. I
haven't checked whether or not this prevents the 2K3 machine from
using NetrServerAuthenticate[23] against the 2K8 DC.

Does anyone have any thoughts about what some of the other flags are
(apart from the 3 that we already know)? There are a lot that we've
never seen used.


On Jan 17, 2008 2:57 AM, Andreas Schneider <anschneider at suse.de> wrote:
> Hi,
> attached are two patches to be able to join a Windows 2008 Server. The first
> is the code from Todd Stecher which had been reverted some time ago. The
> second is to get get the machine name if the desthost is a hostname and not
> only the machine name.
> I've successfully joined a Win2k8 only domain here.
> Best regards,
>         -- andreas

More information about the samba-technical mailing list