s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000

Matthias Dieter Wallnöfer mdw at samba.org
Sun May 30 07:37:59 MDT 2010

Stefan (metze) Metzmacher wrote:
> Hi Matthias,
>> if you are so concerned I don't have another possibility other than to
>> revert it. I just would like to bring to attention that the mentioned
>> "special" RPC calls work against Windows Server 2008 - so the problem is
>> definitely valid.
>> Before I pushed this fix I tried also to activate our header-sign
>> support ("dcesrv:header sign = yes" in smb.conf) - which would be the
>> expected solution. But then the whole schannel interactions with the
>> Windows client broke.
> We don't support header signing for all auth types yet, but also don't
> have to, as the client won't use it, if the server doesn't indicate
> support for it.
Exactly there lies the problem: I think Windows 2000 has a bug in the 
sense that it expects always to have the header signing available for 
this "special" RPC call mechanisms (eg to domain members in local groups 
- as stated in the commit comment). Windows XP and onwards have fixed 
this I think.


More information about the samba-technical mailing list