From 2a52c97607031dab1dd9a14a9a057db99ea582b8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pavel=20Filipensk=C3=BD?= Date: Mon, 4 Aug 2025 23:28:24 +0200 Subject: [PATCH] s3:utils: Allow ROLE_IPA_DC to allow to use Kerberos in gensec MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891 Signed-off-by: Pavel Filipenský Reviewed-by: Alexander Bokovoy Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Aug 5 14:51:51 UTC 2025 on atb-devel-224 (cherry picked from commit a4dff82e45308db3ccabac2a55c03d52f04d7b4d) Autobuild-User(v4-21-test): Jule Anger Autobuild-Date(v4-21-test): Wed Aug 6 13:07:38 UTC 2025 on atb-devel-224 --- source3/utils/ntlm_auth.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index e9b644724d9..df1484ecd21 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1355,7 +1355,11 @@ static NTSTATUS ntlm_auth_prepare_gensec_server(TALLOC_CTX *mem_ctx, cli_credentials_set_conf(server_credentials, lp_ctx); - if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC || lp_security() == SEC_ADS || USE_KERBEROS_KEYTAB) { + if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC || + lp_server_role() == ROLE_IPA_DC || + lp_security() == SEC_ADS || + USE_KERBEROS_KEYTAB) + { cli_credentials_set_kerberos_state(server_credentials, CRED_USE_KERBEROS_DESIRED, CRED_SPECIFIED); -- 2.47.2