/[smeserver]/rpms/samba/sme10/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
ViewVC logotype

Annotation of /rpms/samba/sme10/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Thu Mar 2 16:04:48 2017 UTC (7 years, 8 months ago) by unnilennium
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
update to samba-4.4.4-12 upstream version

1 vip-ire 1.1 From b89f28556ad0d1caf9cf41c56a0d67440098358f Mon Sep 17 00:00:00 2001
2     From: Alexander Bokovoy <abokovoy@redhat.com>
3     Date: Tue, 12 Apr 2016 09:36:12 +0300
4     Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted
5     domains DCs
6    
7     Allow cm_connect_netlogon() to talk to trusted domains' DCs when
8     running in a domain member configuration.
9    
10     Signed-off-by: Alexander Bokovoy <ab@samba.org>
11     ---
12     source3/winbindd/winbindd_cm.c | 15 +++++++++------
13     1 file changed, 9 insertions(+), 6 deletions(-)
14    
15     diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
16     index 63175e5..1ef3d17 100644
17     --- a/source3/winbindd/winbindd_cm.c
18     +++ b/source3/winbindd/winbindd_cm.c
19     @@ -2578,9 +2578,10 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
20     anonymous:
21    
22     /* Finally fall back to anonymous. */
23     - if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
24     + if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
25     + (IS_DC || domain->primary)) {
26     status = NT_STATUS_DOWNGRADE_DETECTED;
27     - DEBUG(1, ("Unwilling to make SAMR connection to domain %s"
28     + DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
29     "without connection level security, "
30     "must set 'winbind sealed pipes = false' and "
31     "'require strong key = false' to proceed: %s\n",
32     @@ -2811,9 +2812,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
33    
34     anonymous:
35    
36     - if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
37     + if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
38     + (IS_DC || domain->primary)) {
39     result = NT_STATUS_DOWNGRADE_DETECTED;
40     - DEBUG(1, ("Unwilling to make LSA connection to domain %s"
41     + DEBUG(1, ("Unwilling to make LSA connection to domain %s "
42     "without connection level security, "
43     "must set 'winbind sealed pipes = false' and "
44     "'require strong key = false' to proceed: %s\n",
45     @@ -2978,9 +2980,10 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
46    
47     no_schannel:
48     if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
49     - if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
50     + if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
51     + (IS_DC || domain->primary)) {
52     result = NT_STATUS_DOWNGRADE_DETECTED;
53     - DEBUG(1, ("Unwilling to make connection to domain %s"
54     + DEBUG(1, ("Unwilling to make connection to domain %s "
55     "without connection level security, "
56     "must set 'winbind sealed pipes = false' and "
57     "'require strong key = false' to proceed: %s\n",
58     --
59     2.5.5
60    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed