From 95bb2acbf066049f92c16836a2cdaea3aae829cc Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 16 Jan 2024 15:36:01 +0100 Subject: [PATCH] winbindd: also apply schannel logic as an NT4 DC This applies the same logic we already added in 06601b3a9293db35feda1b033fa864dc1a764164 for AD DCs wrt to IPC authentication when running as an NT4 DC in cm_prepare_connection(). Similarily adjust the check in cm_connect_lsa() added in 3e17a3b7cd4083299037ba9377931bea792b2d18 and in cm_connect_netlogon_transport() added by 532a14dc684e7a6d8c584d5671a4ebbad00aa4fc for cm_connect_netlogon_transport(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher --- source3/winbindd/winbindd_cm.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index a89c0bdbca1..1685edbabaa 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -701,7 +701,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, enum smb_signing_setting smb_sign_client_connections = lp_client_ipc_signing(); - if (IS_AD_DC) { + if (IS_DC) { if (domain->secure_channel_type == SEC_CHAN_NULL) { /* * Make sure we don't even try to @@ -809,7 +809,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, try_ipc_auth = true; } - if (IS_AD_DC) { + if (IS_DC) { /* * As AD DC we only use netlogon and lsa * using schannel over an anonymous transport @@ -2924,7 +2924,7 @@ retry: TALLOC_FREE(conn->lsa_pipe); - if (IS_AD_DC) { + if (IS_DC) { /* * Make sure we only use schannel as AD DC. */ @@ -3050,7 +3050,7 @@ retry: goto done; } - if (IS_AD_DC) { + if (IS_DC) { /* * Make sure we only use schannel as AD DC. */ @@ -3064,7 +3064,7 @@ retry: anonymous: - if (IS_AD_DC) { + if (IS_DC) { /* * Make sure we only use schannel as AD DC. */ @@ -3183,7 +3183,7 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, *cli = NULL; - if (IS_AD_DC) { + if (IS_DC) { if (domain->secure_channel_type == SEC_CHAN_NULL) { /* * Make sure we don't even try to -- 2.11.4.GIT