diff options
author | Gerald Carter <jerry@samba.org> | 2007-05-06 20:16:12 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:21:49 -0500 |
commit | 391a72f3dfc061d6d97752c7e8691f80b4990ba8 (patch) | |
tree | f9d596fb1fe072365f192fdf20751fd277731c1d /source3/nsswitch/winbindd_dual.c | |
parent | 044f1b4a993cd7711fd9721a73cf9e2f9c90f5a5 (diff) | |
download | samba-391a72f3dfc061d6d97752c7e8691f80b4990ba8.tar.gz samba-391a72f3dfc061d6d97752c7e8691f80b4990ba8.tar.bz2 samba-391a72f3dfc061d6d97752c7e8691f80b4990ba8.zip |
r22710: Support one-way trusts.
* Rely on the fact that name2sid will work for any name
in a trusted domain will work against our primary domain
(even in the absense of an incoming trust path)
* Only logons will reliably work and the idmap backend
is responsible for being able to manage id's without contacting
the trusted domain
* "getent passwd" and "getent group" for trusted users and groups
will work but we cannot get the group membership of a user in any
fashion without the user first logging on (via NTLM or krb5)
and the netsamlogon_cache being updated.
(This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
Diffstat (limited to 'source3/nsswitch/winbindd_dual.c')
-rw-r--r-- | source3/nsswitch/winbindd_dual.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c index 8d475e6c9f..aa6b356679 100644 --- a/source3/nsswitch/winbindd_dual.c +++ b/source3/nsswitch/winbindd_dual.c @@ -653,6 +653,14 @@ static void account_lockout_policy_handler(struct event_context *ctx, TALLOC_FREE(child->lockout_policy_event); } + if ( !winbindd_can_contact_domain( child->domain ) ) { + DEBUG(10,("account_lockout_policy_handler: Removing myself since I " + "do not have an incoming trust to domain %s\n", + child->domain->name)); + + return; + } + methods = child->domain->methods; mem_ctx = talloc_init("account_lockout_policy_handler ctx"); |