d74f938 ipaserver/dcerpc: Ensure LSA pipe has session key before using it

1 file Authored by abbra 8 years ago, Committed by tbabej 8 years ago,
    ipaserver/dcerpc: Ensure LSA pipe has session key before using it
    
    With Samba 4.2 there is a bug that prevents Samba to consider Kerberos
    credentials used by IPA httpd process when talking to smbd. As result,
    LSA RPC connection is seen as anonymous by Samba client code and we cannot
    derive session key to use for encrypting trust secrets before transmitting
    them.
    
    Additionally, rewrite of the SMB protocol support in Samba caused previously
    working logic of choosing DCE RPC binding string to fail. We need to try
    a different set of priorities until they fail or succeed.
    
    Requires Samba fixes from https://bugzilla.redhat.com/show_bug.cgi?id=1219832
    
    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1219834
    
    Reviewed-By: Tomas Babej <tbabej@redhat.com>
    
        
file modified
+14 -5