If we choose to support 128bit encryption report it to the client!!!
Otherwise the client tries to decrypt it with the wrong algorithm.
This partly fixes incoming trusts against w2k8r2.
metze
srv_flgs.neg_flags |= NETLOGON_NEG_SCHANNEL;
}
+ /* Ensure we support strong (128-bit) keys. */
+ if (q_u->clnt_flgs.neg_flags & NETLOGON_NEG_128BIT) {
+ srv_flgs.neg_flags |= NETLOGON_NEG_128BIT;
+ }
+
/* set up the initial LSA AUTH 2 response */
ZERO_STRUCT(srv_chal_out);
init_net_r_auth_2(r_u, &srv_chal_out, &srv_flgs, NT_STATUS_OK);