From: Pavel Filipenský <pfilipensky@samba.org>
Date: Mon, 4 Aug 2025 21:28:24 +0000 (+0200)
Subject: s3:utils: Allow ROLE_IPA_DC to allow to use Kerberos in gensec
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fv4-21-test;p=thirdparty%2Fsamba.git

s3:utils: Allow ROLE_IPA_DC to allow to use Kerberos in gensec

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug  5 14:51:51 UTC 2025 on atb-devel-224

(cherry picked from commit a4dff82e45308db3ccabac2a55c03d52f04d7b4d)

Autobuild-User(v4-21-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-21-test): Wed Aug  6 13:07:38 UTC 2025 on atb-devel-224
---

diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index e9b644724d9..df1484ecd21 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1355,7 +1355,11 @@ static NTSTATUS ntlm_auth_prepare_gensec_server(TALLOC_CTX *mem_ctx,
 
 	cli_credentials_set_conf(server_credentials, lp_ctx);
 
-	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC || lp_security() == SEC_ADS || USE_KERBEROS_KEYTAB) {
+	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC ||
+	    lp_server_role() == ROLE_IPA_DC ||
+	    lp_security() == SEC_ADS ||
+	    USE_KERBEROS_KEYTAB)
+	{
 		cli_credentials_set_kerberos_state(server_credentials,
 						   CRED_USE_KERBEROS_DESIRED,
 						   CRED_SPECIFIED);