From 1c8f326dc6367969852d0ac30887428345be9d7d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 22 Nov 2011 08:02:20 -0500
Subject: [PATCH] s3-netlogon: Add support to authenticate trusted domains.

---
 source3/rpc_server/netlogon/srv_netlog_nt.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index f681e909dd..086a0ea3c5 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -907,6 +907,19 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
 		srv_flgs |= NETLOGON_NEG_SCHANNEL;
 	}
 
+	/*
+	 * Support authenticaten of trusted domains.
+	 *
+	 * These flags are the minimum required set which works with win2k3
+	 * and win2k8.
+	 */
+	if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX) {
+		srv_flgs |= NETLOGON_NEG_TRANSITIVE_TRUSTS |
+			    NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+			    NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+			    NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
+	}
+
 	switch (p->opnum) {
 		case NDR_NETR_SERVERAUTHENTICATE:
 			fn = "_netr_ServerAuthenticate";
-- 
2.34.1