diff options
| -rw-r--r-- | source3/passdb/passdb.c | 6 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_cm.c | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 46dab156ee..e3a3d3ca9e 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -1560,10 +1560,10 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd, return true; } - /* Just get the account for the requested domain. In the future this - * might also cover to be member of more than one domain. */ + /* Here we are a domain member server. We can only be a member + of one domain so ignore the request domain and assume our own */ - pwd = secrets_fetch_machine_password(domain, &last_set_time, channel); + pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel); if (pwd != NULL) { *ret_pwd = pwd; diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 377b1b2d21..9bab80377a 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -706,12 +706,12 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; } - /* this is at least correct when domain is our domain, - * which is the only case, when this is currently used: */ + /* For now assume our machine account only exists in our domain */ + if (machine_krb5_principal != NULL) { if (asprintf(machine_krb5_principal, "%s$@%s", - account_name, domain->alt_name) == -1) + account_name, lp_realm()) == -1) { return NT_STATUS_NO_MEMORY; } |