Manually port Steven Dannenman fix for using the correct machine domain when

looking up trust credentials in our tdb.

   commit fd0ae47046d37ec8297396a2733209c4d999ea91
   Author: Steven Danneman <sdanneman@isilon.com>
   Date:   Thu May 8 13:34:49 2008 -0700

      Use machine account and machine password from our domain when
      contacting trusted domains.
(This used to be commit 69b37ae60757075a0712149c5f97f17ee22c2e41)

2 files changed, 6 insertions, 6 deletions

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 46dab156ee..e3a3d3ca9e 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1560,10 +1560,10 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
 		return true;
 	}
 
-	/* Just get the account for the requested domain. In the future this
-	 * might also cover to be member of more than one domain. */
+	/* Here we are a domain member server.  We can only be a member
+	   of one domain so ignore the request domain and assume our own */
 
-	pwd = secrets_fetch_machine_password(domain, &last_set_time, channel);
+	pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);
 
 	if (pwd != NULL) {
 		*ret_pwd = pwd;
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 377b1b2d21..9bab80377a 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -706,12 +706,12 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	/* this is at least correct when domain is our domain,
-	 * which is the only case, when this is currently used: */
+	/* For now assume our machine account only exists in our domain */
+
 	if (machine_krb5_principal != NULL)
 	{
 		if (asprintf(machine_krb5_principal, "%s$@%s",
-			     account_name, domain->alt_name) == -1)
+			     account_name, lp_realm()) == -1)
 		{
 			return NT_STATUS_NO_MEMORY;
 		}