From c97a29bdfdc0020ec0113073580da56f2d35edc1 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 22 Feb 2017 19:18:04 +0100
Subject: [PATCH] s3:winbindd: fix the valid usage anonymous smb authentication

If we are in a situation where we don't have credentials to contact the remote domain or against an NT4 with the following settings:
workgroup = NT4DOM
security = domain
require strong key = no
client use spnego = no
client ipc signing = auto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---
 source3/winbindd/winbindd_cm.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 75164190950..3a9ad1091c3 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1107,6 +1107,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 machine_domain, machine_account, machine_principal, machine_realm));
+ if (cli_credentials_is_anonymous(creds)) {
+ goto anon_fallback;
+ }
+
 winbindd_set_locator_kdc_envs(domain);
 result = cli_session_setup_creds(*cli, creds);
@@ -1125,10 +1129,6 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 || NT_STATUS_EQUAL(result, NT_STATUS_NO_LOGON_SERVERS) || NT_STATUS_EQUAL(result, NT_STATUS_LOGON_FAILURE)) {
- if (cli_credentials_is_anonymous(creds)) {
- goto done;
- }
-
 if (!cm_is_ipc_credentials(creds)) {
 goto ipc_fallback;
 }
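Review bot: The added `goto anon_fallback;` in the first hunk is taken before `result = cli_session_setup_creds(*cli, creds);` runs, so `result` still holds whatever the earlier part of cm_prepare_connection() left in it, whereas the old code only reached the anonymous handling after a failed session setup. The `anon_fallback` and `done` labels are outside the hunk; if any path between them exits without assigning `result` (for example a refusal when SMB signing is required, which an anonymous session presumably cannot satisfy), the function could report success with no session established. I would either put an explicit failure status ahead of the jump, e.g. `result = NT_STATUS_ACCESS_DENIED;`, or confirm that every exit from the fallback assigns `result`. A short comment such as `/* anonymous credentials: nothing to authenticate with, skip the authenticated session setup */` would also record why the attempt is bypassed.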