summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2004-06-03 18:00:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:51:53 -0500
commit9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad (patch)
tree7b126d923a8a0ee8b02ab43bf54a43ce3344f051 /source3/rpc_client
parent4e1b26db3490c6063bf0ea05b8ae7e34a96ca8a9 (diff)
downloadsamba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.tar.gz
samba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.tar.bz2
samba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.zip
r991: Allow winbindd to use the domain trust account password
for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u. (This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_netlogon.c11
-rw-r--r--source3/rpc_client/cli_pipe.c3
2 files changed, 9 insertions, 5 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index f6d88a1950..02d2611d88 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -91,18 +91,25 @@ NTSTATUS cli_net_auth2(struct cli_state *cli,
NET_Q_AUTH_2 q;
NET_R_AUTH_2 r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ fstring machine_acct;
prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+ if ( sec_chan == SEC_CHAN_DOMAIN )
+ fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
+ else
+ fstrcpy( machine_acct, cli->mach_acct );
+
/* create and send a MSRPC command with api NET_AUTH2 */
DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
- cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname(),
+ cli->srv_name_slash, machine_acct, sec_chan, global_myname(),
credstr(cli->clnt_cred.challenge.data), *neg_flags));
/* store the parameters */
- init_q_auth_2(&q, cli->srv_name_slash, cli->mach_acct,
+
+ init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
sec_chan, global_myname(), &cli->clnt_cred.challenge,
*neg_flags);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index b24dbb7d25..9e2d5aa4a7 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1621,9 +1621,6 @@ NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, int auth_flags
return NT_STATUS_UNSUCCESSFUL;
}
- if (lp_client_schannel() != False)
- neg_flags |= NETLOGON_NEG_SCHANNEL;
-
neg_flags |= NETLOGON_NEG_SCHANNEL;
result = cli_nt_setup_creds(cli, sec_chan, trust_password,