| commit | be994ca579c6c302d9d6487c863699b3e4457210 | |
| author | Andrew Bartlett <abartlet@samba.org> | |
| Wed, 11 Dec 2013 02:10:39 +0000 (11 15:10 +1300) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Fri, 17 Oct 2014 10:57:07 +0000 (17 12:57 +0200) | ||
| tree | 592891c48889512a78022ecacb4c3fc6d46134ef | treesnapshot (tar.gz zip) |
| parent | 0392ebcd1d48e9f472f2148b85316a77d9cc953b | commitdiff |
s3-winbindd: Use own machine account to connect to trusted domains as well
This relies on a two-way trust, which we may not have, but is the only
secure way to do this. To do this correctly we need to split NETLOGON
from normal authentication, as we need to use the machine account for
the SMB level, but the inter-domain trust account for the NETLOGON
level.
Change-Id: Ib93eb6a4d704ef26df8234be7cb71c47ad519c8a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This relies on a two-way trust, which we may not have, but is the only
secure way to do this. To do this correctly we need to split NETLOGON
from normal authentication, as we need to use the machine account for
the SMB level, but the inter-domain trust account for the NETLOGON
level.
Change-Id: Ib93eb6a4d704ef26df8234be7cb71c47ad519c8a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
| source3/winbindd/winbindd_cm.c | diffblobblamehistory |