summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-03-02 08:25:44 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-03-02 08:25:44 +0000
commit81b2d66c970c0df94823ad96f50b992fff0c8b94 (patch)
tree303fd700ef82f4915ed2fd6c55f3330f7f905d81 /source3/nsswitch
parent53d0c9c79f614fc8aecd7d417ae7b92d0a06f893 (diff)
downloadsamba-81b2d66c970c0df94823ad96f50b992fff0c8b94.tar.gz
samba-81b2d66c970c0df94823ad96f50b992fff0c8b94.tar.bz2
samba-81b2d66c970c0df94823ad96f50b992fff0c8b94.zip
Allow Samba to trust NT4 Domains.
This commit builds on the auth subsystem to give Samba support for trusting NT4 domains. It is off by default, but is enabled by adding 'trustdomain' to the 'auth methods' smb.conf paramater. Tested against NT4 only - there are still some issues with the join code for Win2k servers (spnego stuff). The main work TODO involves enumerating the trusted domains (including the RPC calls to match), and getting winbind to run on the PDC correctly. Similarly, work remains on getting NT4 to trust Samba domains. Andrew Bartlett (This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/winbindd_cm.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index dcbd47303f..6ac682fbab 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -766,7 +766,8 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
return result;
}
- result = new_cli_nt_setup_creds(conn->cli, trust_passwd);
+ result = new_cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
+ SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0, ("error connecting to domain password server: %s\n",
@@ -779,7 +780,8 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
}
/* Try again */
- result = new_cli_nt_setup_creds(conn->cli, trust_passwd);
+ result = new_cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
+ SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
}
if (!NT_STATUS_IS_OK(result)) {