s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()

The implementation of pdb_get_trust_credentials() should have all the details to set the kerberos_state to a useful value. This should enable the fallback to NTLMSSP again, when using our machine account against trusted domains. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2017-02-22 20:07:25 +0100
committer: Stefan Metzmacher <metze@samba.org> 2017-02-24 18:40:15 +0100
commit: 51caeb7c538b7546e5feccf27a735bb803c78a0b (patch)
tree: f1e20ba446afc0775e08badbb6ad511957413a9f
parent: ba9d139ec3d71af184a24daf24356304c2e49144 (diff)
download: samba-51caeb7c538b7546e5feccf27a735bb803c78a0b.tar.gz
1 files changed, 0 insertions, 11 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 9cef0d48072..c9890ac413e 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -936,17 +936,6 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
 		goto ipc_fallback;
 	}
 
-	if (domain->primary && lp_security() == SEC_ADS) {
-		cli_credentials_set_kerberos_state(creds,
-						   CRED_AUTO_USE_KERBEROS);
-	} else if (domain->active_directory) {
-		cli_credentials_set_kerberos_state(creds,
-						   CRED_MUST_USE_KERBEROS);
-	} else {
-		cli_credentials_set_kerberos_state(creds,
-						   CRED_DONT_USE_KERBEROS);
-	}
-
 	if (creds_domain != domain) {
 		/*
 		 * We can only use schannel against a direct trust
author	Stefan Metzmacher <metze@samba.org>	2017-02-22 20:07:25 +0100
committer	Stefan Metzmacher <metze@samba.org>	2017-02-24 18:40:15 +0100
commit	51caeb7c538b7546e5feccf27a735bb803c78a0b (patch)
tree	f1e20ba446afc0775e08badbb6ad511957413a9f
parent	ba9d139ec3d71af184a24daf24356304c2e49144 (diff)
download	samba-51caeb7c538b7546e5feccf27a735bb803c78a0b.tar.gz