Make sure that domain joins work correctly when the DC disallows NTLM auth.

Signed-Off-By: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-By: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 27 21:49:25 CET 2013 on sn-devel-104

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3d0a6d30b89d17df00ce56d6444caedaee07e88d..2b4ab0bf9e84f8f77a3def98b7ffe409d596bcd9 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1170,7 +1170,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 
 NTSTATUS libnet_join_ok(const char *netbios_domain_name,
                        const char *machine_name,
-                       const char *dc_name)
+                       const char *dc_name,
+                       const bool use_kerberos)
 {
        uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
        struct cli_state *cli = NULL;
@@ -1179,6 +1180,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
        NTSTATUS status;
        char *machine_password = NULL;
        char *machine_account = NULL;
+       int flags = 0;
 
        if (!dc_name) {
                return NT_STATUS_INVALID_PARAMETER;
@@ -1199,6 +1201,10 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
                return NT_STATUS_NO_MEMORY;
        }
 
+       if (use_kerberos) {
+               flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+       }
+
        status = cli_full_connection(&cli, NULL,
                                     dc_name,
                                     NULL, 0,
@@ -1206,7 +1212,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
                                     machine_account,
                                     NULL,
                                     machine_password,
-                                    0,
+                                    flags,
                                     SMB_SIGNING_DEFAULT);
        free(machine_account);
        free(machine_password);
@@ -1277,7 +1283,8 @@ static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx,
 
        status = libnet_join_ok(r->out.netbios_domain_name,
                                r->in.machine_name,
-                               r->in.dc_name);
+                               r->in.dc_name,
+                               r->in.use_kerberos);
        if (!NT_STATUS_IS_OK(status)) {
                libnet_join_set_error_string(mem_ctx, r,
                        "failed to verify domain membership after joining: %s",
@@ -2084,6 +2091,7 @@ static WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx,
        u->in.admin_account     = r->in.admin_account;
        u->in.admin_password    = r->in.admin_password;
        u->in.modify_config     = r->in.modify_config;
+       u->in.use_kerberos      = r->in.use_kerberos;
        u->in.unjoin_flags      = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
                                  WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
 

diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h
index dccf03b715b038b2a5e2dea87e3319a8274a0fa1..58c33b2dbcdbb26b3cf5b5e6ad9bd14b3902bc96 100644 (file)
--- a/source3/libnet/libnet_join.h
+++ b/source3/libnet/libnet_join.h
@@ -25,7 +25,8 @@
 
 NTSTATUS libnet_join_ok(const char *netbios_domain_name,
                        const char *machine_name,
-                       const char *dc_name);
+                       const char *dc_name,
+                       const bool use_kerberos);
 WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
                           struct libnet_JoinCtx **r);
 WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx,