On Wed, May 06, 2009 at 12:39:36PM -0500, Günther Deschner wrote: > The branch, master has been updated > via 78754ab2c9b28ea8ab09d3fd1f5450abe721a2c1 (commit) > from 730c91aaaad42c68fdb44bc51fee6c89e0c22910 (commit) > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master > > > - Log ----------------------------------------------------------------- > commit 78754ab2c9b28ea8ab09d3fd1f5450abe721a2c1 > Author: Günther Deschner <g...@samba.org> > Date: Wed May 6 19:29:01 2009 +0200 > > s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 > joining Samba3) and probably many, many more. > > Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in > negotiate > flags (which are a pointer to the out negotiate flags assigned in the > generated > netlogon server code). So, while you wanted to just set the *out* > negflags, you > did in fact reset the *in* negflags, effectively eliminating the > NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) > which then > caused creds_server_init() to generate 64bit creds instead of 128bit, > causing > the whole chain to break. *Please* check.
Wow - great catch ! Great work Guenther. I'm looking at it now. I think we probably need some comments here also to explain the details. Looks like I got caught by badly named auto-generated variable names (r->out.negotiate_flags actually being the "in" flags is not very obvious :-). Thanks ! Jeremy.