Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
if (cli_credentials_get_netlogon_creds(creds) != NULL) {
keep_schannel = true;
}
+
+ /*
+ * Even if Kerberos is set to REQUIRED, keep the
+ * schannel auth mechanism that machine accounts are
+ * able to authenticate via netlogon.
+ */
+ if (gensec_security->gensec_role == GENSEC_SERVER) {
+ keep_schannel = true;
+ }
}
if (gensec_security->settings->backends) {