From 6c1501a8efd49efb7b9f5c75963c2f1124e7e258 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Fri, 10 Feb 2012 11:45:21 -0800 Subject: [PATCH] s3-winbindd: set the can_do_validation6 also for trusted domain The flag can_do_validation6 was only set for the domain to which winbindd is the member. Setting this flag in other domains (trusted domain) if it's active directory domain is a good idea as it allow to do level 6 validation also when winbindd is querying them directly. (cherry picked from commit 05036fab0a9847219c73c0abd931a39fba0bccfd) Address bug #8599 (WINBINDD_PAM_AUTH_CRAP returns invalid user session key). (cherry picked from commit 01747a5554839f21992b8845328c4b08c3dd8ff8) --- source3/winbindd/winbindd_cm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index cc3e3edd899..a63c3f553ea 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1766,6 +1766,8 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain ) "running active directory.\n", domain->name, domain->active_directory ? "" : "NOT ")); + domain->can_do_ncacn_ip_tcp = domain->active_directory; + domain->can_do_validation6 = domain->active_directory; domain->initialized = True; -- 2.34.1