The branch, master has been updated
via e29d8f1 libnet: ignore realm setting for domain security joins to
AD domains if 'winbind rpc only = true'
via 7720d04 Revert "s3:libnet: accept empty realm for AD domains when
only security=domain is set."
from 345cfae smbd: Fix a signed/unsigned hickup
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e29d8f108cd090706dc3f54282f5c33ec30df899
Author: Michael Adam <[email protected]>
Date: Wed Jun 15 23:03:32 2016 +0200
libnet: ignore realm setting for domain security joins to AD domains if
'winbind rpc only = true'
Inspired by initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Signed-off-by: Michael Adam <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Michael Adam <[email protected]>
Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
commit 7720d0475517b1f99c0a547c11f0f40b95511d41
Author: Michael Adam <[email protected]>
Date: Thu Jun 16 11:20:15 2016 +0200
Revert "s3:libnet: accept empty realm for AD domains when only
security=domain is set."
This reverts commit 234a470f198f8f09f46aaeaf58f966faccedef18.
Signed-off-by: Michael Adam <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/libnet/libnet_join.c | 33 ++++++++++++++++-----------------
1 file changed, 16 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 0a23e0d..df4fa72 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2303,6 +2303,7 @@ static WERROR libnet_join_check_config(TALLOC_CTX
*mem_ctx,
bool valid_security = false;
bool valid_workgroup = false;
bool valid_realm = false;
+ bool ignored_realm = false;
/* check if configuration is already set correctly */
@@ -2322,11 +2323,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX
*mem_ctx,
valid_realm = strequal(lp_realm(),
r->out.dns_domain_name);
switch (lp_security()) {
case SEC_DOMAIN:
+ if (!valid_realm && lp_winbind_rpc_only()) {
+ valid_realm = true;
+ ignored_realm = true;
+ }
case SEC_ADS:
valid_security = true;
}
if (valid_workgroup && valid_realm && valid_security) {
+ if (ignored_realm && !r->in.modify_config)
+ {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Warning: ignoring realm when "
+ "joining AD domain with "
+ "'security=domain' and "
+ "'winbind rpc only = yes'. "
+ "(realm set to '%s', "
+ "should be '%s').", lp_realm(),
+ r->out.dns_domain_name);
+ }
/* nothing to be done */
return WERR_OK;
}
@@ -2367,26 +2383,9 @@ static WERROR libnet_join_check_config(TALLOC_CTX
*mem_ctx,
W_ERROR_HAVE_NO_MEMORY(wrong_conf);
}
- /*
- * We should generate the warning for the special case when
- * domain is AD, "security = domain" and the realm parameter is
- * not set.
- */
- if (lp_security() == SEC_DOMAIN &&
- r->out.domain_is_ad &&
- !valid_realm) {
- libnet_join_set_error_string(mem_ctx, r,
- "Warning: when joining AD domains with
security=domain, "
- "\"realm\" should be defined in the
configuration (%s) "
- "and configuration modification was not
requested",
- wrong_conf);
- return WERR_OK;
- }
-
libnet_join_set_error_string(mem_ctx, r,
"Invalid configuration (%s) and configuration
modification "
"was not requested", wrong_conf);
-
return WERR_CAN_NOT_COMPLETE;
}
--
Samba Shared Repository
