Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 874355da67..d69da8f32e 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1568,8 +1568,22 @@ bool get_trust_pw_clear(const char *domain, char **ret_pwd,
return true;
}
- /* Here we are a domain member server. We can only be a member
- of one domain so ignore the request domain and assume our own */
+ /*
+ * Since we can only be member of one single domain, we are now
+ * in a member situation:
+ *
+ * - Either we are a DC (selfjoined) and the domain is our
+ * own domain.
+ * - Or we are on a member and the domain is our own or some
+ * other (potentially trusted) domain.
+ *
+ * In both cases, we can only get the machine account password
+ * for our own domain to connect to our own dc. (For a member,
+ * request to trusted domains are performed through our dc.)
+ *
+ * So we simply use our own domain name to retrieve the
+ * machine account passowrd and ignore the request domain here.
+ */
pwd = secrets_fetch_machine_password(lp_workgroup(), &last_set_time, channel);