summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2004-06-03 18:00:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:51:53 -0500
commit9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad (patch)
tree7b126d923a8a0ee8b02ab43bf54a43ce3344f051 /source3/auth
parent4e1b26db3490c6063bf0ea05b8ae7e34a96ca8a9 (diff)
downloadsamba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.tar.gz
samba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.tar.bz2
samba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.zip
r991: Allow winbindd to use the domain trust account password
for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u. (This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_util.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 9a03e7fe13..e6cc0fe5b3 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1425,8 +1425,10 @@ BOOL is_trusted_domain(const char* dom_name)
/* if we are a DC, then check for a direct trust relationships */
- if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
+ if ( IS_DC ) {
become_root();
+ DEBUG (5,("is_trusted_domain: Checking for domain trust with [%s]\n",
+ dom_name ));
ret = secrets_fetch_trusted_domain_password(dom_name, &pass, &trustdom_sid, &lct);
unbecome_root();
SAFE_FREE(pass);