samba-tool domain trust: fix trust compatibility to Windows Server 1709 and FreeIPA Two patches from this pull request attempt to fix compatibilities to Windows Server 1709 and FreeIPA. FreeIPA does not implement netr_DsRGetDCNameEx2() in a way that can be used by `samba-tool`, so a DC search fails when running `samba-tool domain trust create`. Insteda, use netr_DsRGetDCNameEx2() with a remote server name to call own DC. This should cause our own DC to use CLDAP discovery which is supported by FreeIPA. Windows Server 1709 disabled SMB1 by default, so one has to set `client ipc min protocol = SMB2` to get trust established. While this is a proper fix going forward, it makes sense to default to SMB2 internally when establishing LSA and Netlogon RPC connections even if `smb.conf` lacks the correct option and fall back to an older protocol only if smb2 fails. This is an approach already used by FreeIPA DC for few years.
Created attachment 14338 [details] Patches for v4-9-test
Comment on attachment 14338 [details] Patches for v4-9-test LGTM. This patchset does not include FreeIPA parts as they are addressed by c390728819e73cefbf02e0d52d22805930f4c45b in bug https://bugzilla.samba.org/show_bug.cgi?id=13538
Created attachment 14339 [details] Patches for v4-8-test
Created attachment 14340 [details] Patches for v4-7-test
Comment on attachment 14339 [details] Patches for v4-8-test LGTM.
Comment on attachment 14340 [details] Patches for v4-7-test LGTM.
Pushed to autobuild-v4-{9,8,7}-test.
Karolin, I do not see these patches in v4-8-test.
(In reply to Alexander Bokovoy from comment #8) 4b3ac377a autobuild failed and was restarted yesterday. Pushed now.
Pushed to all branches. Closing out bug report. Thanks!