The Samba-Bugzilla – Attachment 11983 Details for
Bug 11830
Domain member cannot resolve trusted domains' users
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
propsed patch forv v4.2
0001-v4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch (text/plain), 2.58 KB, created by
Alexander Bokovoy
on 2016-04-12 08:22:26 UTC
(
hide
)
Description:
propsed patch forv v4.2
Filename:
MIME Type:
Creator:
Alexander Bokovoy
Created:
2016-04-12 08:22:26 UTC
Size:
2.58 KB
patch
obsolete
>From b89f28556ad0d1caf9cf41c56a0d67440098358f Mon Sep 17 00:00:00 2001 >From: Alexander Bokovoy <abokovoy@redhat.com> >Date: Tue, 12 Apr 2016 09:36:12 +0300 >Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted > domains DCs > > Allow cm_connect_netlogon() to talk to trusted domains' DCs when > running in a domain member configuration. > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830 > >Signed-off-by: Alexander Bokovoy <ab@samba.org> >--- > source3/winbindd/winbindd_cm.c | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > >diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c >index 63175e5..1ef3d17 100644 >--- a/source3/winbindd/winbindd_cm.c >+++ b/source3/winbindd/winbindd_cm.c >@@ -2578,9 +2578,10 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, > anonymous: > > /* Finally fall back to anonymous. */ >- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { >+ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && >+ (IS_DC || domain->primary)) { > status = NT_STATUS_DOWNGRADE_DETECTED; >- DEBUG(1, ("Unwilling to make SAMR connection to domain %s" >+ DEBUG(1, ("Unwilling to make SAMR connection to domain %s " > "without connection level security, " > "must set 'winbind sealed pipes = false' and " > "'require strong key = false' to proceed: %s\n", >@@ -2811,9 +2812,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, > > anonymous: > >- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { >+ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && >+ (IS_DC || domain->primary)) { > result = NT_STATUS_DOWNGRADE_DETECTED; >- DEBUG(1, ("Unwilling to make LSA connection to domain %s" >+ DEBUG(1, ("Unwilling to make LSA connection to domain %s " > "without connection level security, " > "must set 'winbind sealed pipes = false' and " > "'require strong key = false' to proceed: %s\n", >@@ -2978,9 +2980,10 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, > > no_schannel: > if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { >- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { >+ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && >+ (IS_DC || domain->primary)) { > result = NT_STATUS_DOWNGRADE_DETECTED; >- DEBUG(1, ("Unwilling to make connection to domain %s" >+ DEBUG(1, ("Unwilling to make connection to domain %s " > "without connection level security, " > "must set 'winbind sealed pipes = false' and " > "'require strong key = false' to proceed: %s\n", >-- >2.5.5 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
obnox
:
review-
Actions:
View
Attachments on
bug 11830
:
11980
|
11981
|
11982
|
11983
|
12166
|
12174
|
12177
|
12178
|
12978
|
12979
|
12980