}
result = rpccli_netlogon_setup_creds(netlogon_pipe,
- dc_name,
- domain,
- global_myname(),
+ dc_name, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
result = rpccli_netlogon_setup_creds(cli,
- cli->cli->desthost,
- lp_workgroup(),
- global_myname(),
+ cli->cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
orig_trust_passwd_hash,
sec_channel_type,
&neg_flags);
return NT_STATUS_NO_MEMORY;
}
- result = rpccli_netlogon_setup_creds
- (netlogon_pipe,
+ result = rpccli_netlogon_setup_creds(
+ netlogon_pipe,
domain->dcname, /* server name. */
domain->name, /* domain name */
+ global_myname(), /* client name */
account_name, /* machine account */
mach_pwd, /* machine password */
sec_chan_type, /* from get_trust_pw */
NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
const char *server_name,
const char *domain,
+ const char *clnt_name,
const char *machine_account,
const unsigned char machine_pwd[16],
uint32 sec_chan_type,
result = rpccli_net_req_chal(cli,
cli->mem_ctx,
dc->remote_machine,
- machine_account,
+ clnt_name,
&clnt_chal_send,
&srv_chal_recv);
dc->remote_machine,
dc->mach_acct,
sec_chan_type,
- machine_account,
+ clnt_name,
neg_flags_inout,
&clnt_chal_send, /* input. */
&srv_chal_recv); /* output */
return NULL;
}
- if ( IS_DC ) {
+ if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
fstrcpy( machine_account, lp_workgroup() );
} else {
/* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
}
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
- cli->desthost,
- domain,
- machine_account,
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ machine_account, /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
return NULL;
}
- if ( IS_DC ) {
+ /* if we are a DC and this is a trusted domain, then we need to use our
+ domain name in the net_req_auth2() request */
+
+ if ( IS_DC && !strequal(domain, lp_workgroup()) && lp_allow_trusted_domains()) {
fstrcpy( machine_account, lp_workgroup() );
} else {
/* Hmmm. Is this correct for trusted domains when we're a member server ? JRA. */
}
*perr = rpccli_netlogon_setup_creds(netlogon_pipe,
- cli->desthost,
- domain,
- machine_account,
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ machine_account, /* machine account name */
machine_pwd,
sec_chan_type,
&neg_flags);
}
ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
- cli->desthost,
- lp_workgroup(),
- global_myname(),
+ cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
trust_password,
sec_channel_type,
&neg_flags);
}
result = rpccli_netlogon_setup_creds(pipe_hnd,
- cli->desthost,
- domain,
- global_myname(),
+ cli->desthost, /* server name */
+ domain, /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
md4_trust_password,
sec_channel_type,
&neg_flags);