/* PAM auth functions */
{ WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" },
- { WINBINDD_PAM_AUTH_CRAP, winbindd_crap_auth, "AUTH_CRAP" },
+ { WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" },
{ WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" },
/* Enumeration functions */
generate_random_buffer(clnt_chal.data, 8);
server_name = talloc_asprintf(mem_ctx, "\\\\%s", domain->dcname);
- account_name = talloc_asprintf(mem_ctx, "%s$",
- domain->primary ?
- global_myname() : domain->name);
+
+ /* if we are a DC and this is a trusted domain, then we need to use our
+ domain name in the net_req_auth2() request */
+
+ if ( IS_DC ) {
+ account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() );
+ }
+ else {
+ account_name = talloc_asprintf(mem_ctx, "%s$",
+ domain->primary ? global_myname() : domain->name);
+ }
if ((server_name == NULL) || (account_name == NULL))
return NT_STATUS_NO_MEMORY;
Challenge Response Authentication Protocol
**********************************************************************/
-enum winbindd_result winbindd_crap_auth(struct winbindd_cli_state *state)
+enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain = NULL;
const char *domain_name = NULL;
/* Get info for the domain */
- domain = find_lookup_domain_from_name(domname);
+ domain = find_domain_from_name(domname);
if (domain == NULL) {
DEBUG(7, ("could not find domain entry for domain %s\n",
return WINBINDD_ERROR;
}
- if ( domain->primary && lp_winbind_trusted_domains_only()) {
- DEBUG(7,("winbindd_getpwnam: My domain -- rejecting "
- "getgroups() for %s\\%s.\n", domname, username));
+ if ( strequal(domname, lp_workgroup()) && lp_winbind_trusted_domains_only() ) {
+ DEBUG(7,("winbindd_getpwnam: My domain -- rejecting getpwnam() for %s\\%s.\n",
+ domname, username));
return WINBINDD_ERROR;
}