Sigh, hit 'Reply' instead of 'Reply All'....

---------- Forwarded message ----------
From: Matt Geddes
Date: Fri, Apr 25, 2008 at 9:29 AM
Subject: Re: 0xC0000388
To: Jeremy Allison


My original reply disappeared. Kinda ironically, it was sent from a
gmail account, but I suspect it's more to do with it coming from
pocket outlook than anything.

On Fri, Apr 25, 2008 at 7:31 AM, Jeremy Allison wrote:
> On Fri, Apr 25, 2008 at 09:02:15PM +0900, feroz ahmed wrote:

> > The problem is when i try to access my linux file share from work group
> > members im getting error 0xC0000388.
> > Have attached the network trace.. Can some one help me in fixing this
> > issue???

0xC0000388 is NT_STATUS_DOWNGRADE_DETECTED. Windows Server 2008 spits
that back at you when you attempt (or it thinks you're trying to
attempt) to avoid using 128-bit crypto. I've only seen it on domain
members when performing netrServerAuthenticate2 (or ....3) and the
neg_flags field doesn't have bit 0x4000 set (NETLOGON_NEG_128BIT).

netrServerAuthenticate2 is used with an RPC join, but I remember that
older versions of Samba did an RPC testjoin (inside net_ads.c
somewhere, from memory) even when using ADS to do the join.

There's also a registry entry that can be applied on the DCs to cause
it to not require that flag to be set. It's mentioned here:

> Not really. 3.0.14a has been discontinued for a while. Are you
> working for a Samba OEM or vendor ? If so we might be inclined
> to be more helpful as you'll be fixing bugs for many more people.

In this case, the version of Samba doesn't matter, does it?