summaryrefslogtreecommitdiff
path: root/source4/libnet
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libnet')
-rw-r--r--source4/libnet/libnet_join.c11
-rw-r--r--source4/libnet/libnet_join.h1
2 files changed, 8 insertions, 4 deletions
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index df61df7f10..627cc97e32 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -76,6 +76,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
"msDS-KeyVersionNumber",
"servicePrincipalName",
"dNSHostName",
+ "objectGUID",
NULL,
};
@@ -264,9 +265,6 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
return NT_STATUS_UNSUCCESSFUL;
}
- /* If we have a kvno recorded in AD, we need it locally as well */
- kvno = ldb_msg_find_attr_as_uint(res->msgs[0], "msDS-KeyVersionNumber", 0);
-
/* Prepare a new message, for the modify */
msg = ldb_msg_new(tmp_ctx);
if (!msg) {
@@ -383,7 +381,12 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
r->out.domain_dn_str = r_crack_names.out.ctr.ctr1->array[0].result_name;
talloc_steal(r, r_crack_names.out.ctr.ctr1->array[0].result_name);
- r->out.kvno = kvno;
+ /* Store the KVNO of the account, critical for some kerberos
+ * operations */
+ r->out.kvno = ldb_msg_find_attr_as_uint(res->msgs[0], "msDS-KeyVersionNumber", 0);
+
+ /* Store the account GUID. */
+ r->out.account_guid = samdb_result_guid(res->msgs[0], "objectGUID");
if (r->in.acct_type == ACB_SVRTRUST) {
status = libnet_JoinSite(remote_ldb, r);
diff --git a/source4/libnet/libnet_join.h b/source4/libnet/libnet_join.h
index aa0b244f6d..9e7748b4dd 100644
--- a/source4/libnet/libnet_join.h
+++ b/source4/libnet/libnet_join.h
@@ -60,6 +60,7 @@ struct libnet_JoinDomain {
struct dcerpc_binding *samr_binding;
struct policy_handle *user_handle;
struct dom_sid *account_sid;
+ struct GUID account_guid;
} out;
};