From a24fa6abf4f8a937554d292448a765677f9dec53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 31 May 2016 18:47:34 +0200 Subject: [PATCH] s3:libnet: accept empty realm for AD domains when only security=domain is set. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Initial patch from Matt Rogers @ RedHat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977 Guenther Pair-Programmed-With: Andreas Schneider Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144 (cherry picked from commit 234a470f198f8f09f46aaeaf58f966faccedef18) --- source3/libnet/libnet_join.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index a28864d..b5a5ae2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -2367,9 +2367,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, W_ERROR_HAVE_NO_MEMORY(wrong_conf); } + /* + * We should generate the warning for the special case when + * domain is AD, "security = domain" and the realm parameter is + * not set. + */ + if (lp_security() == SEC_DOMAIN && + r->out.domain_is_ad && + !valid_realm) { + libnet_join_set_error_string(mem_ctx, r, + "Warning: when joining AD domains with security=domain, " + "\"realm\" should be defined in the configuration (%s) " + "and configuration modification was not requested", + wrong_conf); + return WERR_OK; + } + libnet_join_set_error_string(mem_ctx, r, "Invalid configuration (%s) and configuration modification " "was not requested", wrong_conf); + return WERR_CAN_NOT_COMPLETE; } -- 2.9.0