[PATCH] Re: netlogon_creds_cli_validate() in master4-schannel
Stefan (metze) Metzmacher
metze at samba.org
Mon Dec 23 01:47:07 MST 2013
Am 23.12.2013 04:43, schrieb Garming Sam:
> Hi there,
>
> So I was just running some tests with your schannel-ok branch and
> noticed that,
>
> make test TESTS=wbinfo
>
> causes NT_STATUS_DOWNGRADE_DETECTED errors. I had an older version of
> your branch which succeeded on the tests just fine it seems,
> d3cc081117bda18f124fdffb740d116ef37d7c70. While the new version I used
> was 1a6e37da410fb11fee6cc551c2ae2c4db775c70e.
>
>
>
> An example of the messages:
>
> "netlogon_creds_cli_check failed with NT_STATUS_DOWNGRADE_DETECTED
> libnet_join_ok: failed to open schannel session on netlogon pipe to
> server localdc.samba.example.com for domain SAMBADOMAIN. Error was
> NT_STATUS_DOWNGRADE_DETECTED"
I introduced a regression when removing the "disable aes schannel" option.
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-schannel-ok
has this fixed in
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=8a24aeb3874021da57dbb8cdc88e639bcced63c6
I still have to squash the top commits and add some more comments,
but I think the code is fine now, I'll redo my testing with this state.
metze
More information about the samba-technical
mailing list