diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-02-22 20:07:25 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2017-02-24 18:40:15 +0100 |
commit | 51caeb7c538b7546e5feccf27a735bb803c78a0b (patch) | |
tree | f1e20ba446afc0775e08badbb6ad511957413a9f | |
parent | ba9d139ec3d71af184a24daf24356304c2e49144 (diff) | |
download | samba-51caeb7c538b7546e5feccf27a735bb803c78a0b.tar.gz |
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.
This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 9cef0d48072..c9890ac413e 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -936,17 +936,6 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain, goto ipc_fallback; } - if (domain->primary && lp_security() == SEC_ADS) { - cli_credentials_set_kerberos_state(creds, - CRED_AUTO_USE_KERBEROS); - } else if (domain->active_directory) { - cli_credentials_set_kerberos_state(creds, - CRED_MUST_USE_KERBEROS); - } else { - cli_credentials_set_kerberos_state(creds, - CRED_DONT_USE_KERBEROS); - } - if (creds_domain != domain) { /* * We can only use schannel against a direct trust |