X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=source3%2Fpassdb%2Fpdb_samba_dsdb.c;h=bbedd88523e926ab93f010bc2c03a70f753b36da;hb=05eb7b52cd7ebcb5bfc873e388c745f8e958c994;hp=638a4a290f1d06e2d4b2e5af4fc7f57bb9617d52;hpb=7387678ff518a394d9f837561987af0e90464d6c;p=obnox%2Fsamba%2Fsamba-obnox.git

diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 638a4a290f1..bbedd88523e 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -2296,8 +2296,10 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m,
 	bool ok;
 	const char *my_netbios_name = NULL;
 	const char *my_netbios_domain = NULL;
+	const char *my_dns_domain = NULL;
 	const char *netbios_domain = NULL;
 	char *account_name = NULL;
+	char *principal_name = NULL;
 	const char *dns_domain = NULL;
 
 	status = sam_get_results_trust(state->ldb, tmp_ctx, domain,
@@ -2389,6 +2391,7 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m,
 
 	my_netbios_name = lpcfg_netbios_name(state->lp_ctx);
 	my_netbios_domain = lpcfg_workgroup(state->lp_ctx);
+	my_dns_domain = lpcfg_dnsdomain(state->lp_ctx);
 
 	creds = cli_credentials_init(tmp_ctx);
 	if (creds == NULL) {
@@ -2413,12 +2416,27 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	cli_credentials_set_secure_channel_type(creds, SEC_CHAN_DOMAIN);
-
-	account_name = talloc_asprintf(tmp_ctx, "%s$", my_netbios_domain);
-	if (account_name == NULL) {
-		TALLOC_FREE(tmp_ctx);
-		return NT_STATUS_NO_MEMORY;
+	if (my_dns_domain != NULL && dns_domain != NULL) {
+		cli_credentials_set_secure_channel_type(creds, SEC_CHAN_DNS_DOMAIN);
+		account_name = talloc_asprintf(tmp_ctx, "%s.", my_dns_domain);
+		if (account_name == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+		principal_name = talloc_asprintf(tmp_ctx, "%s$@%s", my_netbios_domain,
+						 cli_credentials_get_realm(creds));
+		if (principal_name == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else {
+		cli_credentials_set_secure_channel_type(creds, SEC_CHAN_DOMAIN);
+		account_name = talloc_asprintf(tmp_ctx, "%s$", my_netbios_domain);
+		if (account_name == NULL) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+		principal_name = NULL;
 	}
 
 	ok = cli_credentials_set_username(creds, account_name, CRED_SPECIFIED);
@@ -2427,6 +2445,15 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m,
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (principal_name != NULL) {
+		ok = cli_credentials_set_principal(creds, principal_name,
+						   CRED_SPECIFIED);
+		if (!ok) {
+			TALLOC_FREE(tmp_ctx);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
 	if (password_nt.length == 16) {
 		struct samr_Password nt_hash;