From ca63c6e0796454c18a1d580df99cbd6d05f60672 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 19 Mar 2008 16:09:37 +0100
Subject: Merge dd9e0bea31751 from 3-0-ctdb -- use NetSamLogonEx when possible

NetSamLogonEx has the advantage that it does not use the credential chain
(This used to be commit cfceb063f559f8549b8f24ce347be213c89303b0)
---
 source3/winbindd/winbindd_cm.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'source3/winbindd/winbindd_cm.c')

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 072b4ee98f..c715ac08d8 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2403,6 +2403,11 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
  no_schannel:
 	if ((lp_client_schannel() == False) ||
 			((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
+		/*
+		 * NetSamLogonEx only works for schannel
+		 */
+		domain->can_do_samlogon_ex = False;
+
 		/* We're done - just keep the existing connection to NETLOGON
 		 * open */
 		conn->netlogon_pipe = netlogon_pipe;
@@ -2434,6 +2439,11 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 		return !NT_STATUS_IS_OK(result) ? result : NT_STATUS_PIPE_NOT_AVAILABLE;
 	}
 
+	/*
+	 * Try NetSamLogonEx for AD domains
+	 */
+	domain->can_do_samlogon_ex = domain->active_directory;
+
 	*cli = conn->netlogon_pipe;
 	return NT_STATUS_OK;
 }
-- 
cgit