diff options
author | Andreas Schneider <asn@samba.org> | 2019-08-13 17:41:40 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-10-09 07:06:35 +0000 |
commit | b84abb3a46211dc84e52ef95750627e4dd081f2f (patch) | |
tree | 5cb672447c2023ea612c117b9c880df1c8ab9188 /source3/winbindd | |
parent | 456322a61319a10aaedda5244488ea4e5aa5cb64 (diff) | |
download | samba-b84abb3a46211dc84e52ef95750627e4dd081f2f.tar.gz |
s3:libnet: Require sealed LDAP SASL connections for joining
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/winbindd_ads.c | 5 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 485ca831be9..20f47eb5954 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -110,7 +110,10 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp, /* we don't want this to affect the users ccache */ setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1); - ads = ads_init(target_realm, target_dom_name, ldap_server); + ads = ads_init(target_realm, + target_dom_name, + ldap_server, + ADS_SASL_SEAL); if (!ads) { DEBUG(1,("ads_init for domain %s failed\n", target_dom_name)); return ADS_ERROR(LDAP_NO_MEMORY); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index b9a1c1eda7b..0e671ca22be 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1414,7 +1414,10 @@ static bool dcip_check_name(TALLOC_CTX *mem_ctx, print_sockaddr(addr, sizeof(addr), pss); - ads = ads_init(domain->alt_name, domain->name, addr); + ads = ads_init(domain->alt_name, + domain->name, + addr, + ADS_SASL_PLAIN); ads->auth.flags |= ADS_AUTH_NO_BIND; ads->config.flags |= request_flags; ads->server.no_fallback = true; |