struct cli_credentials *creds;
NTSTATUS status;
bool force_machine_account = false;
- bool ok;
/* If we are a DC and this is not our own domain */
CRED_DONT_USE_KERBEROS);
}
- /*
- * When we contact our own domain and get a list of the trusted domain
- * we have the information if we are able to contact the DC with
- * with our machine account password.
- */
- ok = winbindd_can_contact_domain(domain);
- if (!ok) {
+ if (creds_domain != domain) {
/*
* We can only use schannel against a direct trust
*/
sec_chan_type = cli_credentials_get_secure_channel_type(creds);
if (sec_chan_type == SEC_CHAN_NULL) {
- DBG_WARNING("get_secure_channel_type gave SEC_CHAN_NULL for %s\n",
- domain->name);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
conn->netlogon_flags = netlogon_creds->negotiate_flags;
TALLOC_FREE(netlogon_creds);
- /*
- * FIXME: Document in which case we are not able to contact
- * a DC without schannel. Which information do we try to get
- * from this DC?
- */
if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
result = NT_STATUS_DOWNGRADE_DETECTED;