[PATCH] Joining a Windows Server 2008 (Longhorn)
musicalcarrion at gmail.com
Mon Jan 21 19:27:54 GMT 2008
In case anyone's interested, the specific bit that needs to be set for
neg_flags in NetrServerAuthenticate2 (and NetrServerAuthenticate3) to
work against Windows 2008 Server seems to be 0x4000
(NETLOGON_NEG_128BIT). I did a quick test over the weekend that had a
script that set the neg_flags through an smb.conf parameter and tried
a join. It tried all of the combinations of the bits that are
different between Samba/NT (0x400701ff) and 2K8 (0x600fffff):
0x2008fe00. There were one or two combinations that, with that bit
set, still failed, but apart from that it was pretty consistent.
Incidentally, messing around with the sign-and-seal settings in
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters seems to
have an effect on the same flag coming from Windows Server 2003. I
haven't checked whether or not this prevents the 2K3 machine from
using NetrServerAuthenticate against the 2K8 DC.
Does anyone have any thoughts about what some of the other flags are
(apart from the 3 that we already know)? There are a lot that we've
never seen used.
On Jan 17, 2008 2:57 AM, Andreas Schneider <anschneider at suse.de> wrote:
> attached are two patches to be able to join a Windows 2008 Server. The first
> is the code from Todd Stecher which had been reverted some time ago. The
> second is to get get the machine name if the desthost is a hostname and not
> only the machine name.
> I've successfully joined a Win2k8 only domain here.
> Best regards,
> -- andreas
More information about the samba-technical