summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2011-11-22 08:02:20 -0500
committerAndreas Schneider <asn@cryptomilk.org>2011-12-22 17:48:24 +0100
commit1c8f326dc6367969852d0ac30887428345be9d7d (patch)
treedae78e3f9c24d1629cd0dd88033d4684bfbfb26d
parent2f5e9aae860b55203c3efd2e558cd27e00f734ed (diff)
downloadsamba-1c8f326dc6367969852d0ac30887428345be9d7d.tar.gz
samba-1c8f326dc6367969852d0ac30887428345be9d7d.tar.bz2
samba-1c8f326dc6367969852d0ac30887428345be9d7d.zip
s3-netlogon: Add support to authenticate trusted domains.
-rw-r--r--source3/rpc_server/netlogon/srv_netlog_nt.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index f681e909dd..086a0ea3c5 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -907,6 +907,19 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
+ /*
+ * Support authenticaten of trusted domains.
+ *
+ * These flags are the minimum required set which works with win2k3
+ * and win2k8.
+ */
+ if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX) {
+ srv_flgs |= NETLOGON_NEG_TRANSITIVE_TRUSTS |
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
+ }
+
switch (p->opnum) {
case NDR_NETR_SERVERAUTHENTICATE:
fn = "_netr_ServerAuthenticate";