diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-02-22 20:07:25 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-02-28 09:38:24 +0100 |
commit | ba39080cbe3443ff08d231e30a99bb754f83edc2 (patch) | |
tree | ed7c8840bbefb20d79efa02254340dcad2d87715 | |
parent | c07f071e86067a90ec36643287470c7ec8cc0fda (diff) | |
download | samba-ba39080cbe3443ff08d231e30a99bb754f83edc2.tar.gz |
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.
This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 51caeb7c538b7546e5feccf27a735bb803c78a0b)
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index f8e4607a845..b83b5c97ac6 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -936,17 +936,6 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain, goto ipc_fallback; } - if (domain->primary && lp_security() == SEC_ADS) { - cli_credentials_set_kerberos_state(creds, - CRED_AUTO_USE_KERBEROS); - } else if (domain->active_directory) { - cli_credentials_set_kerberos_state(creds, - CRED_MUST_USE_KERBEROS); - } else { - cli_credentials_set_kerberos_state(creds, - CRED_DONT_USE_KERBEROS); - } - if (creds_domain != domain) { /* * We can only use schannel against a direct trust |