s3:winbindd: allow a fallback to NTLMSSP for LDAP connections

This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4e9a0894cd977585ccc94e7c1811de1b0293382d)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Feb 28 13:13:04 CET 2017 on sn-devel-144

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a9a23db423ba6dc906d769b26cea25d5d9d9675c..808986d8b184c68d33bd3bce2306999aef254ef2 100644 (file)
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -119,6 +119,8 @@ static ADS_STATUS ads_cached_connection_connect(ADS_STRUCT **adsp,
        ads->auth.renewable = renewable;
        ads->auth.password = password;
 
+       ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
+
        ads->auth.realm = SMB_STRDUP(auth_realm);
        if (!strupper_m(ads->auth.realm)) {
                ads_destroy(&ads);