From 99c431695ce723fcdd77c455e8363a355519929b Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 7 Dec 2001 01:01:10 +0000
Subject: [PATCH] added a "use spnego" option

you need to set "use spnego = no" for w2k to be able to join a samba
domain. Otherwise the w2k box will assume we can do kerberos as a KDC
(This used to be commit b5cb57a367a6d9a82e082e2838e83e0997eb4930)
---
 source3/param/loadparm.c | 6 ++++++
 source3/smbd/negprot.c   | 1 +
 2 files changed, 7 insertions(+)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 038ccea782f..44aa861940e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -266,6 +266,7 @@ typedef struct
 	BOOL bUnicode;
 	BOOL bUseMmap;
 	BOOL bHostnameLookups;
+	BOOL bUseSpnego;
 }
 global;
 
@@ -795,6 +796,7 @@ static struct parm_struct parm_table[] = {
 	{"max wins ttl", P_INTEGER, P_GLOBAL, &Globals.max_wins_ttl, NULL, NULL, 0},
 	{"min wins ttl", P_INTEGER, P_GLOBAL, &Globals.min_wins_ttl, NULL, NULL, 0},
 	{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, 0},
+	{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, 0},
 
 	{"Tuning Options", P_SEP, P_SEPARATOR},
 	
@@ -1347,6 +1349,9 @@ static void init_globals(void)
 	Globals.winbind_cache_time = 15;
 	Globals.bWinbindEnumUsers = True;
 	Globals.bWinbindEnumGroups = True;
+
+	Globals.bUseSpnego = True;
+
 }
 
 static TALLOC_CTX *lp_talloc;
@@ -1559,6 +1564,7 @@ FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs)
 FN_GLOBAL_BOOL(lp_kernel_oplocks, &Globals.bKernelOplocks)
 FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing)
 FN_GLOBAL_BOOL(lp_use_mmap, &Globals.bUseMmap)
+FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
 FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
 FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level)
 FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl)
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index b99d2395407..d3afa19d006 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -227,6 +227,7 @@ static int reply_nt1(char *inbuf, char *outbuf)
 	
 	if (global_encrypted_passwords_negotiated && 
 	    (lp_security() != SEC_SHARE) &&
+	    lp_use_spnego() &&
 	    (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
 		negotiate_spnego = True;
 		capabilities |= CAP_EXTENDED_SECURITY;
-- 
2.34.1