summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-05-06 19:48:13 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:21:48 -0500
commit044f1b4a993cd7711fd9721a73cf9e2f9c90f5a5 (patch)
treecc81a81cefd90fcb3e3a74364396b155360fe7d5
parent47761fdc302897d608d36b75cf9180c0c46ab040 (diff)
downloadsamba-044f1b4a993cd7711fd9721a73cf9e2f9c90f5a5.tar.gz
samba-044f1b4a993cd7711fd9721a73cf9e2f9c90f5a5.tar.bz2
samba-044f1b4a993cd7711fd9721a73cf9e2f9c90f5a5.zip
r22709: we can only use tschannel when commectcing to our primary (might need some fixing here for a Samba DC)
(This used to be commit 3d2123383d9dab6f0c8832e0f04238aa9a972c70)
-rw-r--r--source3/nsswitch/winbindd_cm.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index fb290e2ba7..f7b7410ba2 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -2092,7 +2092,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
return NT_STATUS_OK;
}
- if (!get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
+ if (domain->primary && !get_trust_pw(domain->name, mach_pwd, &sec_chan_type)) {
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
@@ -2102,6 +2102,12 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
return result;
}
+ if ( !domain->primary ) {
+ /* Clear the schannel request bit and drop down */
+ neg_flags &= ~NETLOGON_NEG_SCHANNEL;
+ goto no_schannel;
+ }
+
if (lp_client_schannel() != False) {
neg_flags |= NETLOGON_NEG_SCHANNEL;
}
@@ -2146,6 +2152,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
return NT_STATUS_ACCESS_DENIED;
}
+ no_schannel:
if ((lp_client_schannel() == False) ||
((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
/* We're done - just keep the existing connection to NETLOGON