diff options
Diffstat (limited to 'samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch')
-rw-r--r-- | samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch b/samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch deleted file mode 100644 index 06b5a83..0000000 --- a/samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch +++ /dev/null @@ -1,59 +0,0 @@ -From afb52fd865448042ddda6b660df159f93f344b93 Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy <abokovoy@redhat.com> -Date: Tue, 12 Apr 2016 09:36:12 +0300 -Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted - domains DCs - - Allow cm_connect_netlogon() to talk to trusted domains' DCs when - running in a domain member configuration. - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830 - -Signed-off-by: Alexander Bokovoy <ab@samba.org> ---- - source3/winbindd/winbindd_cm.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c -index 45e3fad..6f5a042 100644 ---- a/source3/winbindd/winbindd_cm.c -+++ b/source3/winbindd/winbindd_cm.c -@@ -2851,9 +2851,10 @@ retry: - anonymous: - - /* Finally fall back to anonymous. */ -- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { -+ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && -+ (IS_DC || domain->primary)) { - status = NT_STATUS_DOWNGRADE_DETECTED; -- DEBUG(1, ("Unwilling to make SAMR connection to domain %s" -+ DEBUG(1, ("Unwilling to make SAMR connection to domain %s " - "without connection level security, " - "must set 'winbind sealed pipes = false' and " - "'require strong key = false' to proceed: %s\n", -@@ -3150,7 +3151,8 @@ retry: - - anonymous: - -- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { -+ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && -+ (IS_DC || domain->primary)) { - result = NT_STATUS_DOWNGRADE_DETECTED; - DEBUG(1, ("Unwilling to make LSA connection to domain %s " - "without connection level security, " -@@ -3324,9 +3326,10 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, - TALLOC_FREE(netlogon_creds); - - if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { -- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { -+ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && -+ (IS_DC || domain->primary)) { - result = NT_STATUS_DOWNGRADE_DETECTED; -- DEBUG(1, ("Unwilling to make connection to domain %s" -+ DEBUG(1, ("Unwilling to make connection to domain %s " - "without connection level security, " - "must set 'winbind sealed pipes = false' and " - "'require strong key = false' to proceed: %s\n", --- -2.5.5 - |