The branch, master has been updated
via 377d27359cc s3-libnet_join: allow fallback to NTLMSSP auth in
libnet_join
via 68121f46c74 s3-libnet_join: setup libnet join error string when AD
connect fails
via ea29aa27cba s3-libnet_join: always pass down admin domain to ads
layer
from a80ea6bf4fe rpc: Fix a typo
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 377d27359ccdb8f2680fda36ca388f44456590e5
Author: Günther Deschner <[email protected]>
Date: Tue Apr 2 13:16:55 2019 +0200
s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join
When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Autobuild-User(master): Andreas Schneider <[email protected]>
Autobuild-Date(master): Wed Apr 3 18:57:31 UTC 2019 on sn-devel-144
commit 68121f46c74df9cef7a377040d01ba75cdcf5a26
Author: Günther Deschner <[email protected]>
Date: Tue Apr 2 13:16:11 2019 +0200
s3-libnet_join: setup libnet join error string when AD connect fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit ea29aa27cbac4253ee1701fed99a3e0811f7475d
Author: Günther Deschner <[email protected]>
Date: Tue Apr 2 13:14:06 2019 +0200
s3-libnet_join: always pass down admin domain to ads layer
Otherwise we could loose the information that a non-default domain name
has been used for admin creds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/libnet/libnet_join.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index e052306523d..b876d7ea89f 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -145,6 +145,8 @@ static ADS_STATUS libnet_connect_ads(const char
*dns_domain_name,
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
+ my_ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
+
if (user_name) {
SAFE_FREE(my_ads->auth.user_name);
my_ads->auth.user_name = SMB_STRDUP(user_name);
@@ -205,7 +207,19 @@ static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX
*mem_ctx,
password = r->in.machine_password;
ccname = "MEMORY:libnet_join_machine_creds";
} else {
+ char *p = NULL;
+
username = r->in.admin_account;
+
+ p = strchr(r->in.admin_account, '@');
+ if (p == NULL) {
+ username = talloc_asprintf(mem_ctx, "%s@%s",
+ r->in.admin_account,
+ r->in.admin_domain);
+ }
+ if (username == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
password = r->in.admin_password;
/*
@@ -2643,6 +2657,9 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
ads_status = libnet_join_connect_ads_user(mem_ctx, r);
if (!ADS_ERR_OK(ads_status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to connect to AD: %s",
+ ads_errstr(ads_status));
return WERR_NERR_DEFAULTJOINREQUIRED;
}
--
Samba Shared Repository
