mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
d3ac3da986
This patch fixes an issue where NetApp filers joined to a
Samba/ADDC cannot resolve SIDs. Without this patch the issue
can only be avoided by setting "allow nt4 crypto = yes" in smb.conf.
The issue is triggered by NetApp filers in three steps:
1. The client calls netr_ServerReqChallenge to set up challenge tokens
2. Next it calls netr_ServerAuthenticate2 with NETLOGON_NEG_STRONG_KEYS
set to 0. Native AD and Samba respond to this with
NT_STATUS_DOWNGRADE_DETECTED. At this point Samba throws away
the challenge token negotiated in the first step.
3. Next the client calls netr_ServerAuthenticate2 again, this time with
NETLOGON_NEG_STRONG_KEYS set to 1.
Samba returns NT_STATUS_ACCESS_DENIED as it has lost track
of the challenge and denies logon with the message
No challenge requested by client [CLNT1/CLNT1$], cannot authenticate
Git commit
|
||
---|---|---|
.. | ||
backupkey | ||
browser | ||
common | ||
dnsserver | ||
drsuapi | ||
echo | ||
epmapper | ||
eventlog | ||
lsa | ||
netlogon | ||
remote | ||
samr | ||
spoolss | ||
srvsvc | ||
unixinfo | ||
winreg | ||
wkssvc | ||
dcerpc_server.c | ||
dcerpc_server.h | ||
dcerpc_server.pc.in | ||
dcesrv_auth.c | ||
dcesrv_mgmt.c | ||
handles.c | ||
service_rpc.c | ||
wscript_build |