[PATCH] Re: netlogon_creds_cli_validate() in master4-schannel
Stefan (metze) Metzmacher
metze at samba.org
Mon Dec 23 16:02:06 MST 2013
Am 23.12.2013 21:09, schrieb Andrew Bartlett:
> On Mon, 2013-12-23 at 09:47 +0100, Stefan (metze) Metzmacher wrote:
>> Am 23.12.2013 04:43, schrieb Garming Sam:
>>> Hi there,
>>> So I was just running some tests with your schannel-ok branch and
>>> noticed that,
>>> make test TESTS=wbinfo
>>> causes NT_STATUS_DOWNGRADE_DETECTED errors. I had an older version of
>>> your branch which succeeded on the tests just fine it seems,
>>> d3cc081117bda18f124fdffb740d116ef37d7c70. While the new version I used
>>> was 1a6e37da410fb11fee6cc551c2ae2c4db775c70e.
>>> An example of the messages:
>>> "netlogon_creds_cli_check failed with NT_STATUS_DOWNGRADE_DETECTED
>>> libnet_join_ok: failed to open schannel session on netlogon pipe to
>>> server localdc.samba.example.com for domain SAMBADOMAIN. Error was
>> I introduced a regression when removing the "disable aes schannel" option.
>> has this fixed in
>> I still have to squash the top commits and add some more comments,
>> but I think the code is fine now, I'll redo my testing with this state.
> I look forward to seeing this in master! We may continue to find
> issues, but I think this is a very big leap forward.
> Thanks for the improvements in:
> (feel confident to add my review to these latest fixups, I'm fine with
> them too, and have reviewed the inter-branch diff).
> Let me know if there is anything else you wish to draw my specific
> attention to, and I'll look at it today.
No, I just need to retest with this code.
You could try to fix the flakey tests we currently have...:-)
More information about the samba-technical