s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()

The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.

This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 51caeb7c538b7546e5feccf27a735bb803c78a0b)

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 610464d44352db728ea1bf534b6296af3c10626f..d1dce731f4a6875e0febdc6db41d3568dc0ecff4 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -936,17 +936,6 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
                goto ipc_fallback;
        }
 
-       if (domain->primary && lp_security() == SEC_ADS) {
-               cli_credentials_set_kerberos_state(creds,
-                                                  CRED_AUTO_USE_KERBEROS);
-       } else if (domain->active_directory) {
-               cli_credentials_set_kerberos_state(creds,
-                                                  CRED_MUST_USE_KERBEROS);
-       } else {
-               cli_credentials_set_kerberos_state(creds,
-                                                  CRED_DONT_USE_KERBEROS);
-       }
-
        if (creds_domain != domain) {
                /*
                 * We can only use schannel against a direct trust