diff options
| author | Gerald Carter <jerry@samba.org> | 2005-11-10 19:50:09 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:05:22 -0500 |
| commit | 438d0ad451678c42614ab800bceaf490e09c120a (patch) | |
| tree | 257d4e4c338c0d600d7e579a20e875bdc1452063 /source3/libads | |
| parent | e04e7e1ffcf0ad4c8a3837f8553ea83f6b49166d (diff) | |
| download | samba-438d0ad451678c42614ab800bceaf490e09c120a.tar.gz samba-438d0ad451678c42614ab800bceaf490e09c120a.tar.bz2 samba-438d0ad451678c42614ab800bceaf490e09c120a.zip | |
r11651: After talking to Jeremy, commit my winbindd "Do the Right Thing" patch.
Still needs some more testing ni domains with multiple DCs. Coming next....
(This used to be commit aaed605206a8549cec575dab31e56bf6d32f26a6)
Diffstat (limited to 'source3/libads')
| -rw-r--r-- | source3/libads/kerberos.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 7f855add06..d5b4b11fa2 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -130,8 +130,25 @@ int ads_kinit_password(ADS_STRUCT *ads) { char *s; int ret; + const char *account_name; + fstring acct_name; - if (asprintf(&s, "%s@%s", ads->auth.user_name, ads->auth.realm) == -1) { + if ( IS_DC ) { + /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */ + account_name = lp_workgroup(); + } else { + /* always use the sAMAccountName for security = domain */ + /* global_myname()$@REA.LM */ + if ( lp_security() == SEC_DOMAIN ) { + fstr_sprintf( acct_name, "%s$", global_myname() ); + account_name = acct_name; + } + else + /* This looks like host/global_myname()@REA.LM */ + account_name = ads->auth.user_name; + } + + if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) { return KRB5_CC_NOMEM; } |