From 438d0ad451678c42614ab800bceaf490e09c120a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 10 Nov 2005 19:50:09 +0000 Subject: r11651: After talking to Jeremy, commit my winbindd "Do the Right Thing" patch. Still needs some more testing ni domains with multiple DCs. Coming next.... (This used to be commit aaed605206a8549cec575dab31e56bf6d32f26a6) --- source3/libads/kerberos.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'source3/libads/kerberos.c') diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 7f855add06..d5b4b11fa2 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -130,8 +130,25 @@ int ads_kinit_password(ADS_STRUCT *ads) { char *s; int ret; + const char *account_name; + fstring acct_name; - if (asprintf(&s, "%s@%s", ads->auth.user_name, ads->auth.realm) == -1) { + if ( IS_DC ) { + /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */ + account_name = lp_workgroup(); + } else { + /* always use the sAMAccountName for security = domain */ + /* global_myname()$@REA.LM */ + if ( lp_security() == SEC_DOMAIN ) { + fstr_sprintf( acct_name, "%s$", global_myname() ); + account_name = acct_name; + } + else + /* This looks like host/global_myname()@REA.LM */ + account_name = ads->auth.user_name; + } + + if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) { return KRB5_CC_NOMEM; } -- cgit