diff --git a/samba-3.2.0rc1-server.diff b/samba-3.2.0rc1-server.diff
new file mode 100644
index 0000000..c210c8f
--- /dev/null
+++ b/samba-3.2.0rc1-server.diff
@@ -0,0 +1,42 @@
+commit 779a3af0cd3ecbf82e3de16a4e0aec046c19d869
+Author: Volker Lendecke <vl@samba.org>
+Date:   Fri May 30 11:46:34 2008 +0200
+
+    Fix security=server, bug 5502
+    
+    This has brown paper bag quality and is definitely needed for 3.2.0.
+    
+    Thanks to Orion Poplawski for reporting this!
+    
+    Volker
+
+diff --git a/source/auth/auth_server.c b/source/auth/auth_server.c
+index b07884c..31d1d37 100644
+--- a/source/auth/auth_server.c
++++ b/source/auth/auth_server.c
+@@ -270,13 +270,15 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
+ 					 const auth_usersupplied_info *user_info, 
+ 					 auth_serversupplied_info **server_info)
+ {
++	struct server_security_state *state = talloc_get_type_abort(
++		my_private_data, struct server_security_state);
+ 	struct cli_state *cli;
+ 	static bool tested_password_server = False;
+ 	static bool bad_password_server = False;
+ 	NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
+ 	bool locally_made_cli = False;
+ 
+-	cli = (struct cli_state *)my_private_data;
++	cli = state->cli;
+ 	
+ 	if (cli) {
+ 	} else {
+@@ -285,7 +287,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
+ 	}
+ 
+ 	if (!cli || !cli->initialised) {
+-		DEBUG(1,("password server is not connected (cli not initilised)\n"));
++		DEBUG(1,("password server is not connected (cli not initialised)\n"));
+ 		return NT_STATUS_LOGON_FAILURE;
+ 	}  
+ 	
diff --git a/samba.spec b/samba.spec
index 78a3d8d..568b57d 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,4 +1,4 @@
-%define main_release 14
+%define main_release 15
 %define samba_version 3.2.0rc1
 %define tdb_version 1.1.1
 %define talloc_version 1.2.0
@@ -48,6 +48,7 @@ Patch111: samba-3.0.13-smbclient.patch
 Patch200: samba-3.0.25rc1-inotifiy.patch
 Patch220: samba-3.2.0rc1-capget.diff
 Patch221: samba-CVE-2008-1105.diff
+Patch222: samba-3.2.0rc1-server.diff
 
 Requires(pre): samba-common = %{epoch}:%{version}-%{release}
 Requires: pam >= 0:0.64
@@ -256,6 +257,7 @@ cp %{SOURCE11} packaging/Fedora/
 #%patch200 -p0 -b .inotify # FIXME: does not compile
 %patch220 -p1 -b .capget
 %patch221 -p1 -b .CVE-2008-1105
+%patch222 -p1 -b .server
 
 mv source/VERSION source/VERSION.orig
 sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{release}\"/' < source/VERSION.orig > source/VERSION
@@ -850,6 +852,10 @@ exit 0
 %{_datadir}/pixmaps/samba/logo-small.png
 
 %changelog
+* Fri May 30 2008 Guenther Deschner <gdeschner@redhat.com> - 3.2.0-1.rc1.15
+- Fix security=server
+- resolves: #449038, #449039
+
 * Wed May 28 2008 Guenther Deschner <gdeschner@redhat.com> - 3.2.0-1.rc1.14
 - Add fix for CVE-2008-1105
 - resolves: #446724