diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-01-07 23:46:47 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2004-01-07 23:46:47 +0000 |
commit | 125e7e8e25d306fcba1f56692bf549337792d017 (patch) | |
tree | 2b0b1e219c896b1089c15f9b831c57daaad60cab /source3/nsswitch/winbindd_ads.c | |
parent | e82bfa5cf6aa61b3b51db4ff2b683657635038f4 (diff) | |
download | samba-125e7e8e25d306fcba1f56692bf549337792d017.tar.gz samba-125e7e8e25d306fcba1f56692bf549337792d017.tar.xz samba-125e7e8e25d306fcba1f56692bf549337792d017.zip |
Machines are people too!
While machine accounts cannot use an NTLM login (NT4 style), they are
otherwise full and valid members of the domain, and expect to be able to
use kerberos to connect to CIFS servers.
This means that the LocalSystem account, used by various services, can
perform things like backups, without the admin needing to enter further
passwords.
This particular issue (bug 722) has started to come up a lot on the lists.
I have only enabled it for winbindd-based systems, as the macros use use
to call the 'add user script' will strip the $ from the username for
security reasons.
Andrew Bartlett
(This used to be commit 6a9bbd1da3bb961d24e74348fa0b68574022855f)
Diffstat (limited to 'source3/nsswitch/winbindd_ads.c')
-rw-r--r-- | source3/nsswitch/winbindd_ads.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 90b83bccd0b..2f47a6b0561 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -112,7 +112,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, goto done; } - rc = ads_search_retry(ads, &res, "(objectCategory=user)", attrs); + rc = ads_search_retry(ads, &res, "(objectClass=user)", attrs); if (!ADS_ERR_OK(rc) || !res) { DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc))); goto done; |