summaryrefslogtreecommitdiff
path: root/source4/libnet
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libnet')
-rw-r--r--source4/libnet/libnet_join.c32
1 files changed, 32 insertions, 0 deletions
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 289756c76f..ad3ed81ee4 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -323,6 +323,38 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
}
}
+ msg = ldb_msg_new(tmp_ctx);
+ if (!msg) {
+ r->out.error_string = NULL;
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+ msg->dn = res->msgs[0]->dn;
+
+ rtn = ldb_msg_add_fmt(msg, "msDS-SupportedEncryptionTypes",
+ "%lu",
+ (long unsigned int)(ENC_CRC32 | ENC_RSA_MD5 |
+ ENC_RC4_HMAC_MD5 |
+ ENC_HMAC_SHA1_96_AES128 |
+ ENC_HMAC_SHA1_96_AES256));
+ if (rtn == -1) {
+ r->out.error_string = NULL;
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ rtn = dsdb_replace(remote_ldb, msg, 0);
+ /* The remote server may not support this attribute, if it
+ * isn't a modern schema */
+ if (rtn != 0 && rtn != LDB_ERR_NO_SUCH_ATTRIBUTE) {
+ r->out.error_string
+ = talloc_asprintf(r,
+ "Failed to replace msDS-SupportedEncryptionType on %s",
+ ldb_dn_get_linearized(msg->dn));
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
/* DsCrackNames to find out the DN of the domain. */
r_crack_names.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
r_crack_names.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;