r15543: New implementation of 'net ads join' to be more like Windows XP.

The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.

The points of interest are

* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
  ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
  libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
  using the machine account after the join

Thanks to Guenther and Simo for the review.

Still to do:

* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
  'kinit -k' (although we might be able to just use the sAMAccountName
  instead)
* Re-add support for pre-creating the machine account in
  a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)

1 files changed, 1 insertions, 8 deletions

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 9e450d9de7..6322a33c02 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -618,18 +618,11 @@ static void dcip_to_name( const char *domainname, const char *realm,
 	if ( lp_security() == SEC_ADS ) 
 	{
 		ADS_STRUCT *ads;
-		ADS_STATUS status;
 
 		ads = ads_init( realm, domainname, NULL );
 		ads->auth.flags |= ADS_AUTH_NO_BIND;
 
-		if ( !ads_try_connect( ads, inet_ntoa(ip), LDAP_PORT ) )  {
-			ads_destroy( &ads );
-			return;
-		}
-
-		status = ads_server_info(ads);
-		if ( !ADS_ERR_OK(status) ) {
+		if ( !ads_try_connect( ads, inet_ntoa(ip) ) )  {
 			ads_destroy( &ads );
 			return;
 		}