[PATCH] winbindd: support foreign domains when NTLM is restricted

Uri Simchoni uri at samba.org
Sun Feb 14 19:42:17 UTC 2016

On 02/10/2016 12:57 AM, Uri Simchoni wrote:
> Hi,
> Attached is a patch to fix
> https://bugzilla.samba.org/show_bug.cgi?id=11691 - winbindd doesn't
> connect to a trusted domain if the DC of that domain refuses NTLM
> authentication. Review appreciated.
> The basic idea is to pre-mark the domain as AD domain based on trust
> properties, thus allowing the initial connection to be attempted using
> Kerberos.
> The patch is marked V2 because I circulated a similar patch a few days
> ago - basically it's a bit cleaner and possibly more correct in a couple
> of places (re-scanning root domain).
> In the previous message I expressed my desire to further clean up the
> code in this area, namely that foreign domain properties will be
> determined ONLY based on trust properties, not by contacting the domain,
> and possibly some other cleanups - this will wait for another time I'm
> afraid, and also this limited change is safer for backporting.
> Thanks,
> Uri.

More information about the samba-technical mailing list