s3:auth_domain: try to use NETLOGON_NEG_SUPPORTS_AES

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 54ee5a17df75ad4eb9d1521c14db7ac13a124053..06078e2ada1926f0fb518b9d92ddcaf433974d26 100644 (file)
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -133,7 +133,8 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
 
        if (!lp_client_schannel()) {
                /* We need to set up a creds chain on an unauthenticated netlogon pipe. */
-               uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+               uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
+                                       NETLOGON_NEG_SUPPORTS_AES;
                enum netr_SchannelType sec_chan_type = 0;
                unsigned char machine_pwd[16];
                const char *account_name;