From 84a3e0c1be9b532a8ce753909a8e48e9e0c89b34 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Tue, 26 Feb 2013 20:22:05 -0800 Subject: [PATCH] Make sure that domain joins work correctly when the DC disallows NTLM auth. Signed-Off-By: Richard Sharpe --- source3/libnet/libnet_join.c | 14 +++++++++++--- source3/libnet/libnet_join.h | 3 ++- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 3d0a6d3..2b4ab0b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1170,7 +1170,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, NTSTATUS libnet_join_ok(const char *netbios_domain_name, const char *machine_name, - const char *dc_name) + const char *dc_name, + const bool use_kerberos) { uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; struct cli_state *cli = NULL; @@ -1179,6 +1180,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, NTSTATUS status; char *machine_password = NULL; char *machine_account = NULL; + int flags = 0; if (!dc_name) { return NT_STATUS_INVALID_PARAMETER; @@ -1199,6 +1201,10 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, return NT_STATUS_NO_MEMORY; } + if (use_kerberos) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS; + } + status = cli_full_connection(&cli, NULL, dc_name, NULL, 0, @@ -1206,7 +1212,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, machine_account, NULL, machine_password, - 0, + flags, SMB_SIGNING_DEFAULT); free(machine_account); free(machine_password); @@ -1277,7 +1283,8 @@ static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx, status = libnet_join_ok(r->out.netbios_domain_name, r->in.machine_name, - r->in.dc_name); + r->in.dc_name, + r->in.use_kerberos); if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, "failed to verify domain membership after joining: %s", @@ -2084,6 +2091,7 @@ static WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx, u->in.admin_account = r->in.admin_account; u->in.admin_password = r->in.admin_password; u->in.modify_config = r->in.modify_config; + u->in.use_kerberos = r->in.use_kerberos; u->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index dccf03b..58c33b2 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -25,7 +25,8 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, const char *machine_name, - const char *dc_name); + const char *dc_name, + const bool use_kerberos); WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx **r); WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, -- 1.7.4.4