From b0e97793aba2847726455df8f4d694d2564442f7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 18 Dec 2014 01:20:29 +0000
Subject: [PATCH] s3:winbindd: also try to fallback to anonymous if we get
 NT_STATUS_INVALID_ACCOUNT_NAME

Kerberos authentication may return NT_STATUS_INVALID_ACCOUNT_NAME (PRINCIPAL_UNKNOWN)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source3/winbindd/winbindd_cm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 52e3fa1b362..94fdfdf34e9 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1149,6 +1149,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 	 */
 	if (NT_STATUS_EQUAL(result, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)
 	    || NT_STATUS_EQUAL(result, NT_STATUS_TRUSTED_DOMAIN_FAILURE)
+	    || NT_STATUS_EQUAL(result, NT_STATUS_INVALID_ACCOUNT_NAME)
 	    || NT_STATUS_EQUAL(result, NT_STATUS_LOGON_FAILURE))
 	{
 		if (cli_credentials_is_anonymous(creds)) {
-- 
2.34.1