s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs
authorGünther Deschner <gd@samba.org>
Tue, 28 Jun 2011 21:59:11 +0000 (23:59 +0200)
committerGünther Deschner <gd@samba.org>
Wed, 29 Jun 2011 22:42:23 +0000 (00:42 +0200)
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Jun 30 00:42:23 CEST 2011 on sn-devel-104

source3/winbindd/winbindd_pam.c

index 910e42971a7dd2581bd8ca3d57f1595631cfb995..21b237a1f1e87836b0ecd276cac82649da0947cd 100644 (file)
@@ -1250,18 +1250,30 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
                                        info3);
                }
 
-               if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)
-                   && domain->can_do_samlogon_ex) {
-                       DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
-                                 "retrying with NetSamLogon\n"));
-                       domain->can_do_samlogon_ex = false;
+               if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+
                        /*
                         * It's likely that the server also does not support
                         * validation level 6
                         */
                        domain->can_do_validation6 = false;
-                       retry = true;
-                       continue;
+
+                       if (domain->can_do_samlogon_ex) {
+                               DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
+                                         "retrying with NetSamLogon\n"));
+                               domain->can_do_samlogon_ex = false;
+                               retry = true;
+                               continue;
+                       }
+
+
+                       /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon
+                        * (no Ex). This happens against old Samba
+                        * DCs. Drop the connection.
+                        */
+                       invalidate_cm_connection(&domain->conn);
+                       result = NT_STATUS_LOGON_FAILURE;
+                       break;
                }
 
                if (domain->can_do_validation6 &&
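Review bot: The new fallback path after the `can_do_samlogon_ex` check rewrites the RPC fault to `NT_STATUS_LOGON_FAILURE` and drops the connection without logging anything, so an incompatible DC looks the same as a rejected credential, both in the logs and to callers. The sibling branch logs at level 3, and a matching line before `invalidate_cm_connection(&domain->conn);` would let failed-logon triage tell the two cases apart, e.g. `DEBUG(3, ("Got DCERPC_FAULT_OP_RNG_ERROR for NetSamLogon, dropping connection\n"));`. Whether callers treat `NT_STATUS_LOGON_FAILURE` specially (for example by counting it as a bad-password attempt) is not visible here, because winbind_samlogon_retry_loop starts and ends outside the hunk, so that is worth confirming. The doubled blank line before the new comment can also be removed.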