nt_resp,
&my_info3);
- if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR)
- && contact_domain->can_do_samlogon_ex) {
- DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
- "retrying with NetSamLogon\n"));
- contact_domain->can_do_samlogon_ex = false;
+ if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) {
+
/*
* It's likely that the server also does not support
* validation level 6
*/
domain->can_do_validation6 = false;
- retry = true;
- continue;
+
+ if (contact_domain->can_do_samlogon_ex) {
+ DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
+ "retrying with NetSamLogon\n"));
+ contact_domain->can_do_samlogon_ex = false;
+ retry = true;
+ continue;
+ }
+
+ /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon
+ * (no Ex). This happens against old Samba
+ * DCs. Drop the connection.
+ */
+ invalidate_cm_connection(&contact_domain->conn);
+ result = NT_STATUS_LOGON_FAILURE;
+ break;
}
if (domain->can_do_validation6 &&
nt_resp,
&info3);
- if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR)
- && contact_domain->can_do_samlogon_ex) {
- DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
- "retrying with NetSamLogon\n"));
- contact_domain->can_do_samlogon_ex = false;
+ if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) {
+
/*
* It's likely that the server also does not support
* validation level 6
*/
domain->can_do_validation6 = false;
- retry = true;
- continue;
+
+ if (contact_domain->can_do_samlogon_ex) {
+ DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
+ "retrying with NetSamLogon\n"));
+ contact_domain->can_do_samlogon_ex = false;
+ retry = true;
+ continue;
+ }
+
+ /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon
+ * (no Ex). This happens against old Samba
+ * DCs. Drop the connection.
+ */
+ invalidate_cm_connection(&contact_domain->conn);
+ result = NT_STATUS_LOGON_FAILURE;
+ break;
}
if (domain->can_do_validation6 &&