s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join

When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 18:57:31 UTC 2019 on sn-devel-144

(cherry picked from commit 377d27359ccdb8f2680fda36ca388f44456590e5)

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 6d3fc1fe01faffc9c4cc750a2165df4350de9b17..b876d7ea89fb9a9165e100739a91daf9e7227565 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -145,6 +145,8 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
                return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
        }
 
+       my_ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
+
        if (user_name) {
                SAFE_FREE(my_ads->auth.user_name);
                my_ads->auth.user_name = SMB_STRDUP(user_name);