diff options
author | Gerald Carter <jerry@samba.org> | 2004-06-03 18:00:22 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:51:53 -0500 |
commit | 9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad (patch) | |
tree | 7b126d923a8a0ee8b02ab43bf54a43ce3344f051 /source3/rpc_client | |
parent | 4e1b26db3490c6063bf0ea05b8ae7e34a96ca8a9 (diff) | |
download | samba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.tar.gz samba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.tar.bz2 samba-9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad.zip |
r991: Allow winbindd to use the domain trust account password
for setting up an schannel connection. This solves the problem
of a Samba DC running winbind, trusting a native mode AD domain,
and needing to enumerate AD users via wbinfo -u.
(This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 11 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 3 |
2 files changed, 9 insertions, 5 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index f6d88a1950..02d2611d88 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -91,18 +91,25 @@ NTSTATUS cli_net_auth2(struct cli_state *cli, NET_Q_AUTH_2 q; NET_R_AUTH_2 r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + fstring machine_acct; prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); + if ( sec_chan == SEC_CHAN_DOMAIN ) + fstr_sprintf( machine_acct, "%s$", lp_workgroup() ); + else + fstrcpy( machine_acct, cli->mach_acct ); + /* create and send a MSRPC command with api NET_AUTH2 */ DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", - cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname(), + cli->srv_name_slash, machine_acct, sec_chan, global_myname(), credstr(cli->clnt_cred.challenge.data), *neg_flags)); /* store the parameters */ - init_q_auth_2(&q, cli->srv_name_slash, cli->mach_acct, + + init_q_auth_2(&q, cli->srv_name_slash, machine_acct, sec_chan, global_myname(), &cli->clnt_cred.challenge, *neg_flags); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index b24dbb7d25..9e2d5aa4a7 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1621,9 +1621,6 @@ NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, int auth_flags return NT_STATUS_UNSUCCESSFUL; } - if (lp_client_schannel() != False) - neg_flags |= NETLOGON_NEG_SCHANNEL; - neg_flags |= NETLOGON_NEG_SCHANNEL; result = cli_nt_setup_creds(cli, sec_chan, trust_password, |