[PATCH] winbindd: support foreign domains when NTLM is restricted
Uri Simchoni
uri at samba.org
Sun Feb 14 19:42:17 UTC 2016
Ping...
On 02/10/2016 12:57 AM, Uri Simchoni wrote:
> Hi,
>
> Attached is a patch to fix
> https://bugzilla.samba.org/show_bug.cgi?id=11691 - winbindd doesn't
> connect to a trusted domain if the DC of that domain refuses NTLM
> authentication. Review appreciated.
>
> The basic idea is to pre-mark the domain as AD domain based on trust
> properties, thus allowing the initial connection to be attempted using
> Kerberos.
>
> The patch is marked V2 because I circulated a similar patch a few days
> ago - basically it's a bit cleaner and possibly more correct in a couple
> of places (re-scanning root domain).
>
> In the previous message I expressed my desire to further clean up the
> code in this area, namely that foreign domain properties will be
> determined ONLY based on trust properties, not by contacting the domain,
> and possibly some other cleanups - this will wait for another time I'm
> afraid, and also this limited change is safer for backporting.
>
> Thanks,
> Uri.
>
More information about the samba-technical
mailing list