From 7d2d7dcf386bc6ac523c38179074fb677bd9efa0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 22 Feb 2017 21:18:32 +0100
Subject: s3:winbindd: allow a fallback to NTLMSSP for LDAP connections

This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4e9a0894cd977585ccc94e7c1811de1b0293382d)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Feb 28 13:13:04 CET 2017 on sn-devel-144
---
 source3/winbindd/winbindd_ads.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a9a23db423b..808986d8b18 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -119,6 +119,8 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
 	ads->auth.renewable = renewable;
 	ads->auth.password = password;
 
+	ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
+
 	ads->auth.realm = SMB_STRDUP(auth_realm);
 	if (!strupper_m(ads->auth.realm)) {
 		ads_destroy(&ads);
-- 
cgit v1.2.1