From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 22 Dec 2021 01:51:08 +0000 (+1300)
Subject: dsdb/netlogon: Indicate DC functional level support in samlogon response
X-Git-Tag: tdb-1.4.6~246
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55948433135929488fa8370f826afdc02db1bf2a;p=thirdparty%2Fsamba.git

dsdb/netlogon: Indicate DC functional level support in samlogon response

The DS_SERVER_DS_8 flag is necessary for Windows to detect FAST support.

Note for know we only ever have DS_DOMAIN_FUNCTION_2008_R2 (4) in the
msDS-Behavior-Version attribute of our own NTDSA object. So
for now this is only for manual testing. In future we most likely
want to extend 'samba-tool domain level' to raise the dc level
manually or let 'samba' autoupgrade the value.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/source4/dsdb/samdb/ldb_modules/netlogon.c b/source4/dsdb/samdb/ldb_modules/netlogon.c
index 332f9c0b409..4864ae4740e 100644
--- a/source4/dsdb/samdb/ldb_modules/netlogon.c
+++ b/source4/dsdb/samdb/ldb_modules/netlogon.c
@@ -297,6 +297,18 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 		}
 	}
 
+	if (dc_level >= DS_DOMAIN_FUNCTION_2012) {
+		server_type |= DS_SERVER_DS_8;
+	}
+
+	if (dc_level >= DS_DOMAIN_FUNCTION_2012_R2) {
+		server_type |= DS_SERVER_DS_9;
+	}
+
+	if (dc_level >= DS_DOMAIN_FUNCTION_2016) {
+		server_type |= DS_SERVER_DS_10;
+	}
+
 	if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) {
 		pdc_name = lpcfg_netbios_name(lp_ctx);
 	} else {