[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Apr 3 18:58:02 UTC 2019
The branch, master has been updated
via 377d27359cc s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join
via 68121f46c74 s3-libnet_join: setup libnet join error string when AD connect fails
via ea29aa27cba s3-libnet_join: always pass down admin domain to ads layer
from a80ea6bf4fe rpc: Fix a typo
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 377d27359ccdb8f2680fda36ca388f44456590e5
Author: Günther Deschner <gd at samba.org>
Date: Tue Apr 2 13:16:55 2019 +0200
s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join
When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user at SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr 3 18:57:31 UTC 2019 on sn-devel-144
commit 68121f46c74df9cef7a377040d01ba75cdcf5a26
Author: Günther Deschner <gd at samba.org>
Date: Tue Apr 2 13:16:11 2019 +0200
s3-libnet_join: setup libnet join error string when AD connect fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ea29aa27cbac4253ee1701fed99a3e0811f7475d
Author: Günther Deschner <gd at samba.org>
Date: Tue Apr 2 13:14:06 2019 +0200
s3-libnet_join: always pass down admin domain to ads layer
Otherwise we could loose the information that a non-default domain name
has been used for admin creds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/libnet/libnet_join.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index e052306523d..b876d7ea89f 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -145,6 +145,8 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
+ my_ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
+
if (user_name) {
SAFE_FREE(my_ads->auth.user_name);
my_ads->auth.user_name = SMB_STRDUP(user_name);
@@ -205,7 +207,19 @@ static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx,
password = r->in.machine_password;
ccname = "MEMORY:libnet_join_machine_creds";
} else {
+ char *p = NULL;
+
username = r->in.admin_account;
+
+ p = strchr(r->in.admin_account, '@');
+ if (p == NULL) {
+ username = talloc_asprintf(mem_ctx, "%s@%s",
+ r->in.admin_account,
+ r->in.admin_domain);
+ }
+ if (username == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
password = r->in.admin_password;
/*
@@ -2643,6 +2657,9 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
ads_status = libnet_join_connect_ads_user(mem_ctx, r);
if (!ADS_ERR_OK(ads_status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to connect to AD: %s",
+ ads_errstr(ads_status));
return WERR_NERR_DEFAULTJOINREQUIRED;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list