Tree - rpms/samba - src.fedoraproject.org

rpms / samba

Overview Files Commits Branches Forks Releases
Monitoring status:

Bugzilla Assignee:

Fedora:: gd
EPEL:: gd
Files

Commit: 3fe38fb635cf62f3e20ae2e5429fbd65baab2479
Blob Blame History Raw
From b89f28556ad0d1caf9cf41c56a0d67440098358f Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 12 Apr 2016 09:36:12 +0300
Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted
 domains DCs

  Allow cm_connect_netlogon() to talk to trusted domains' DCs when
  running in a domain member configuration.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
---
 source3/winbindd/winbindd_cm.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 63175e5..1ef3d17 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2578,9 +2578,10 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
  anonymous:
 
 	/* Finally fall back to anonymous. */
-	if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
+	if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
+	    (IS_DC || domain->primary)) {
 		status = NT_STATUS_DOWNGRADE_DETECTED;
-		DEBUG(1, ("Unwilling to make SAMR connection to domain %s"
+		DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
 			  "without connection level security, "
 			  "must set 'winbind sealed pipes = false' and "
 			  "'require strong key = false' to proceed: %s\n",
@@ -2811,9 +2812,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 
  anonymous:
 
-	if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
+	if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
+	    (IS_DC || domain->primary)) {
 		result = NT_STATUS_DOWNGRADE_DETECTED;
-		DEBUG(1, ("Unwilling to make LSA connection to domain %s"
+		DEBUG(1, ("Unwilling to make LSA connection to domain %s "
 			  "without connection level security, "
 			  "must set 'winbind sealed pipes = false' and "
 			  "'require strong key = false' to proceed: %s\n",
@@ -2978,9 +2980,10 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 
  no_schannel:
 	if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
-		if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
+		if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
+		    (IS_DC || domain->primary)) {
 			result = NT_STATUS_DOWNGRADE_DETECTED;
-			DEBUG(1, ("Unwilling to make connection to domain %s"
+			DEBUG(1, ("Unwilling to make connection to domain %s "
 				  "without connection level security, "
 				  "must set 'winbind sealed pipes = false' and "
 				  "'require strong key = false' to proceed: %s\n",
-- 
2.5.5
rpms / samba

Source Code

Files
