The Samba-Bugzilla – Attachment 12174 Details for
Bug 11830
Domain member cannot resolve trusted domains' users
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for master
0001-s3-winbind-Fix-schannel-connections-against-trusted-.patch (text/plain), 2.30 KB, created by
Andreas Schneider
on 2016-06-10 15:10:08 UTC
(
hide
)
Description:
patch for master
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2016-06-10 15:10:08 UTC
Size:
2.30 KB
patch
obsolete
>From be0682ece1aa2dc69493978b5085cc29f8bde29f Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 10 Jun 2016 16:51:18 +0200 >Subject: [PATCH] s3-winbind: Fix schannel connections against trusted domain > DCs > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830 > >Pair-Programmed-With: Andreas Schneider <asn@samba.org> >Signed-off-by: Guenther Deschner <gd@samba.org> >Signed-off-by: Andreas Schneider <asn@samba.org> >--- > source3/winbindd/winbindd_cm.c | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) > >diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c >index ff0e081..1de731a 100644 >--- a/source3/winbindd/winbindd_cm.c >+++ b/source3/winbindd/winbindd_cm.c >@@ -903,6 +903,7 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain, > struct cli_credentials *creds; > NTSTATUS status; > bool force_machine_account = false; >+ bool ok; > > /* If we are a DC and this is not our own domain */ > >@@ -947,7 +948,13 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain, > CRED_DONT_USE_KERBEROS); > } > >- if (creds_domain != domain) { >+ /* >+ * When we contact our own domain and get a list of the trusted domain >+ * we have the information if we are able to contact the DC with >+ * with our machine account password. >+ */ >+ ok = winbindd_can_contact_domain(domain); >+ if (!ok) { > /* > * We can only use schannel against a direct trust > */ >@@ -3284,6 +3291,8 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, > > sec_chan_type = cli_credentials_get_secure_channel_type(creds); > if (sec_chan_type == SEC_CHAN_NULL) { >+ DBG_WARNING("get_secure_channel_type gave SEC_CHAN_NULL for %s\n", >+ domain->name); > return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; > } > >@@ -3323,6 +3332,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, > conn->netlogon_flags = netlogon_creds->negotiate_flags; > TALLOC_FREE(netlogon_creds); > >+ /* >+ * FIXME: Document in which case we are not able to contact >+ * a DC without schannel. Which information do we try to get >+ * from this DC? >+ */ > if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { > if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { > result = NT_STATUS_DOWNGRADE_DETECTED; >-- >2.8.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12174">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 11830
:
11980
|
11981
|
11982
|
11983
|
12166
|
12174
|
12177
|
12178
|
12978
|
12979
|
12980