When we have a NT4SP0 PDC trust us, we first have to check the

password. On NT4, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT means
the password was correct. So the PDC believed that he had his trust
account correctly added. Later the auth2 naturally failed.

BTW, setting up an interdom trust account is not what I would call
well documented and easy to handle... Working on that now :-)

Volker
(This used to be commit e4e44cf3b18231ec5d7326fb42edec741caa147b)

1 files changed, 2 insertions, 2 deletions

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 0c2ffaae88..634afc633d 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -439,14 +439,14 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
-	nt_status = sam_account_ok(mem_ctx, sampass, user_info);
+	nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key);
 	
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		pdb_free_sam(&sampass);
 		return nt_status;
 	}
 
-	nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key);
+	nt_status = sam_account_ok(mem_ctx, sampass, user_info);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		pdb_free_sam(&sampass);