[PATCH] Re: netlogon_creds_cli_validate() in master4-schannel

Andrew Bartlett abartlet at samba.org
Mon Dec 23 13:09:50 MST 2013

On Mon, 2013-12-23 at 09:47 +0100, Stefan (metze) Metzmacher wrote:
> Am 23.12.2013 04:43, schrieb Garming Sam:
> > Hi there,
> > 
> > So I was just running some tests with your schannel-ok branch and
> > noticed that,
> > 
> > make test TESTS=wbinfo
> > 
> > causes NT_STATUS_DOWNGRADE_DETECTED errors. I had an older version of
> > your branch which succeeded on the tests just fine it seems,
> > d3cc081117bda18f124fdffb740d116ef37d7c70. While the new version I used
> > was 1a6e37da410fb11fee6cc551c2ae2c4db775c70e.
> > 
> > 
> > 
> > An example of the messages:
> > 
> > "netlogon_creds_cli_check failed with NT_STATUS_DOWNGRADE_DETECTED
> > libnet_join_ok: failed to open schannel session on netlogon pipe to
> > server localdc.samba.example.com for domain SAMBADOMAIN. Error was
> I introduced a regression when removing the "disable aes schannel" option.
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-schannel-ok
> has this fixed in
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=8a24aeb3874021da57dbb8cdc88e639bcced63c6
> I still have to squash the top commits and add some more comments,
> but I think the code is fine now, I'll redo my testing with this state.

I look forward to seeing this in master!  We may continue to find
issues, but I think this is a very big leap forward.

Thanks for the improvements in:

(feel confident to add my review to these latest fixups, I'm fine with
them too, and have reviewed the inter-branch diff).

Let me know if there is anything else you wish to draw my specific
attention to, and I'll look at it today. 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list