On Wed, 2008-01-23 at 13:21 -0800, Jeremy Allison wrote:
> On Wed, Jan 23, 2008 at 01:16:36PM -0800, Matt Geddes wrote:
> > On Jan 23, 2008 12:59 PM, Jeremy Allison <jra@xxxxxxxxx> wrote:
> > > This looks good to me. I'm forward porting to 3.2.x and
> > > Jerry has promised to test (I'm in OOXML-hell right now :-).
> > No problems. Apologies for it being against an older sourcebase, but
> > the patch should apply pretty cleanly to 3.2.x.
> > Incidentally, looking at the neg_flags vs 2K8 problems that have been
> > floating around, there's a new registry entry in Windows 2008 Server
> > that causes lsass.exe to skip the check it does for
> > NETLOGON_NEG_128BIT. Set the following to a non-zero value on the DCs
> > and stop/start netlogon and you can join NT 4 and Samba 3 without any
> > of those pesky NetrServerAuthenticate2-returning-0xc0000388 problems:
> > HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\AllowNT4Crypto
> > It's a 32-bit DWORD.
> Thanks for that, but we'll just ensure we do the 128bit crypto :-).
It's still probably worth documenting for people that have to use older
versions of samba for a while.
Samba Team GPL Compliance Officer <simo@xxxxxxxxx>
Senior Software Engineer at Red Hat Inc. <ssorce@xxxxxxxxxx>