r991: Allow winbindd to use the domain trust account password

for setting up an schannel connection.  This solves the problem
of a Samba DC running winbind, trusting a native mode AD domain,
and needing to enumerate AD users via wbinfo -u.
(This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)

1 files changed, 9 insertions, 2 deletions

diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index f6d88a1950..02d2611d88 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -91,18 +91,25 @@ NTSTATUS cli_net_auth2(struct cli_state *cli,
         NET_Q_AUTH_2 q;
         NET_R_AUTH_2 r;
         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	fstring machine_acct;
 
         prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
         prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
 
+	if ( sec_chan == SEC_CHAN_DOMAIN )
+		fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
+	else
+		fstrcpy( machine_acct, cli->mach_acct );
+	
         /* create and send a MSRPC command with api NET_AUTH2 */
 
         DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
-                 cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname(),
+                 cli->srv_name_slash, machine_acct, sec_chan, global_myname(),
                  credstr(cli->clnt_cred.challenge.data), *neg_flags));
 
         /* store the parameters */
-        init_q_auth_2(&q, cli->srv_name_slash, cli->mach_acct, 
+
+        init_q_auth_2(&q, cli->srv_name_slash, machine_acct, 
                       sec_chan, global_myname(), &cli->clnt_cred.challenge, 
                       *neg_flags);