diff options
| -rw-r--r-- | ipalib/plugins/trust.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 5d04a2a8e..4e4e0b162 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -1487,7 +1487,12 @@ class trustdomain_del(LDAPDelete): def fetch_domains_from_trust(myapi, trustinstance, trust_entry, **options): trust_name = trust_entry['cn'][0] - creds = generate_creds(trustinstance, style=CRED_STYLE_SAMBA, **options) + # We want to use Kerberos if we have admin credentials even with SMB calls + # as eventually use of NTLMSSP will be deprecated for trusted domain operations + # If admin credentials are missing, 'creds' will be None and fetch_domains + # will use HTTP/ipa.master@IPA.REALM principal, e.g. Kerberos authentication + # as well. + creds = generate_creds(trustinstance, style=CRED_STYLE_KERBEROS, **options) server = options.get('realm_server', None) domains = ipaserver.dcerpc.fetch_domains(myapi, trustinstance.local_flatname, |