From 21c25e0585d54c3f172e1e4601085df7a6572ae9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 15 Feb 2009 18:18:38 -0800 Subject: [PATCH] Attempt to fix bug #6099. According to Microsoft Windows 7 looks at the negotiate_flags returned in this structure *even if the call fails with access denied ! So in order to allow Win7 to connect to a Samba NT style PDC we set the flags before we know if it's an error or not. Jeremy. (cherry picked from commit cafc9efceadcefa9154874e9846158cf23ee1645) --- source/rpc_server/srv_netlog_nt.c | 43 +++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index d3751011e22..2efef7f8200 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -474,6 +474,32 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, uint32_t srv_flgs; struct netr_Credential srv_chal_out; + /* According to Microsoft (see bugid #6099) + * Windows 7 looks at the negotiate_flags + * returned in this structure *even if the + * call fails with access denied ! So in order + * to allow Win7 to connect to a Samba NT style + * PDC we set the flags before we know if it's + * an error or not. + */ + + /* 0x000001ff */ + srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | + NETLOGON_NEG_PERSISTENT_SAMREPL | + NETLOGON_NEG_ARCFOUR | + NETLOGON_NEG_PROMOTION_COUNT | + NETLOGON_NEG_CHANGELOG_BDC | + NETLOGON_NEG_FULL_SYNC_REPL | + NETLOGON_NEG_MULTIPLE_SIDS | + NETLOGON_NEG_REDO | + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; + + if (lp_server_schannel() != false) { + srv_flgs |= NETLOGON_NEG_SCHANNEL; + } + + *r->out.negotiate_flags = srv_flgs; + /* We use this as the key to store the creds: */ /* r->in.computer_name */ @@ -520,26 +546,9 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, r->in.account_name)); return NT_STATUS_ACCESS_DENIED; } - - /* 0x000001ff */ - srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT | - NETLOGON_NEG_PERSISTENT_SAMREPL | - NETLOGON_NEG_ARCFOUR | - NETLOGON_NEG_PROMOTION_COUNT | - NETLOGON_NEG_CHANGELOG_BDC | - NETLOGON_NEG_FULL_SYNC_REPL | - NETLOGON_NEG_MULTIPLE_SIDS | - NETLOGON_NEG_REDO | - NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL; - - if (lp_server_schannel() != false) { - srv_flgs |= NETLOGON_NEG_SCHANNEL; - } - /* set up the LSA AUTH 2 response */ memcpy(r->out.return_credentials->data, &srv_chal_out.data, sizeof(r->out.return_credentials->data)); - *r->out.negotiate_flags = srv_flgs; fstrcpy(p->dc->mach_acct, r->in.account_name); fstrcpy(p->dc->remote_machine, r->in.computer_name); -- 2.11.4.GIT