The branch, v4-0-test has been updated via 26d1f9366d8611af1a69095b4cede2d2c95c982d (commit) from ae311d89d2d477b235a6a9294a8bb463ed0a8c05 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit 26d1f9366d8611af1a69095b4cede2d2c95c982d Author: Stefan Metzmacher <[EMAIL PROTECTED]> Date: Thu Jul 17 13:36:59 2008 +0200 libnet/become_dc: add a comment and explain why it's important to specify krb5 metze ----------------------------------------------------------------------- Summary of changes: source/libnet/libnet_become_dc.c | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libnet/libnet_become_dc.c b/source/libnet/libnet_become_dc.c index 556ba80..31a9206 100644 --- a/source/libnet/libnet_become_dc.c +++ b/source/libnet/libnet_become_dc.c @@ -1516,6 +1516,15 @@ static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s, drsuapi->s = s; if (!drsuapi->binding) { + /* + * Note: It's important to pass 'krb5' as auth_type here + * otherwise the replication will not work with + * Windows 2000. If NTLMSSP is used Windows 2000 + * returns garbage in the DsGetNCChanges() response + * if encrypted password attributes would be in the response. + * That means the replication of the schema and configuration + * partition works fine, but it fails for the domain partition. + */ if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc", "print", false)) { binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[krb5,print,seal]", s->source_dsa.dns_name); if (composite_nomem(binding_str, c)) return; -- Samba Shared Repository