Allow Samba to trust NT4 Domains.

This commit builds on the auth subsystem to give Samba support for trusting NT4
domains.  It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.

Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).

The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.

Similarly, work remains on getting NT4 to trust Samba domains.

Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)

1 files changed, 4 insertions, 2 deletions

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index dcbd47303f..6ac682fbab 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -766,7 +766,8 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
 		return result;
 	}
 	
-	result = new_cli_nt_setup_creds(conn->cli, trust_passwd);
+	result = new_cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
+					SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(0, ("error connecting to domain password server: %s\n",
@@ -779,7 +780,8 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
 			}
 			
 			/* Try again */
-			result = new_cli_nt_setup_creds(conn->cli, trust_passwd);
+			result = new_cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
+							SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
 		}
 		
 		if (!NT_STATUS_IS_OK(result)) {