diff options
author | Jeremy Allison <jra@samba.org> | 2005-11-04 00:03:55 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:05:18 -0500 |
commit | 5678e4abb04e546735bff4907854ca32094a5b71 (patch) | |
tree | 239c2ef051fe584ca38e893c6e237e0547810239 /source3/rpc_client/cli_pipe.c | |
parent | e12eb25793606e4dba7d0d24cd4959209f5d8a30 (diff) | |
download | samba-5678e4abb04e546735bff4907854ca32094a5b71.tar.gz samba-5678e4abb04e546735bff4907854ca32094a5b71.tar.xz samba-5678e4abb04e546735bff4907854ca32094a5b71.zip |
r11492: Fix bug #3224 (I hope). Correctly use machine_account_name
and client_name when doing netlogon credential setup.
Jeremy.
(This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
Diffstat (limited to 'source3/rpc_client/cli_pipe.c')
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index bed1ef843a..7965aee807 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2409,7 +2409,7 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, return NULL; } - if ( IS_DC ) { + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) { fstrcpy( machine_account, lp_workgroup() ); } else { /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */ @@ -2421,9 +2421,10 @@ static struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli, } *perr = rpccli_netlogon_setup_creds(netlogon_pipe, - cli->desthost, - domain, - machine_account, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); @@ -2531,7 +2532,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_ return NULL; } - if ( IS_DC ) { + /* if we are a DC and this is a trusted domain, then we need to use our + domain name in the net_req_auth2() request */ + + if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) { fstrcpy( machine_account, lp_workgroup() ); } else { /* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */ @@ -2543,9 +2547,10 @@ static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_ } *perr = rpccli_netlogon_setup_creds(netlogon_pipe, - cli->desthost, - domain, - machine_account, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ machine_pwd, sec_chan_type, &neg_flags); |