[PR PATCH] If samlogon for trusted child domain user fails attempt to reroute re…

github at samba.org github at samba.org
Fri Dec 18 05:39:26 UTC 2015


There is a new pull request by noelpower against master on the Samba Samba Github repository

https://github.com/noelpower/samba reroute-samlogon
https://github.com/samba-team/samba/pull/47

If samlogon for trusted child domain user fails attempt to reroute re…
…quest

When kerboros authentication fails we may attempt to fallback to
samlogon.  However schannel netlogon connections from a domain child
winbindd to the domain controller when that domain is not 'our'
domain are dissallowed and thus the credentials are not available.
The samlogon request when this happens cannot be serviced. This patch
detects if the samlogon fallback will occur for a non primary domain
winbindd child, in this case it will return a status of
NT_STATUS_MORE_PROCESSING_REQUIRED to the parent.
The parent then will then retry the authentication by chosing and sending
the request to a domain child that should be able to handle it.

Signed-off-by: Noel Power <noel.power at suse.com>

A patch file from https://github.com/samba-team/samba/pull/47.patch is attached
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: github-pr-reroute-samlogon-47.patch
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151218/0a44f249/github-pr-reroute-samlogon-47.patch>


More information about the samba-technical mailing list