From 8cc347fc5a8ee51fea60fb1bad3b23fef67d8f0b Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Mon, 21 Jul 2025 06:44:22 +0200 Subject: [PATCH 1/4] tldap: use tevent_req_set_endtime() to terminate LDAP searches Needed to detect unresponsive LDAP servers, otherwise we might be sitting up to 924.6 seconds after sending a request before the kernel notifies us of a broken connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844 Signed-off-by: Ralph Boehme Reviewed-by: Guenther Deschner (cherry picked from commit 4e79fe13325385ef4fe37baeec8656c9b332de19) --- source3/lib/tldap.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c index db06e9f1282..11bf28ad4e4 100644 --- a/source3/lib/tldap.c +++ b/source3/lib/tldap.c @@ -1895,6 +1895,11 @@ struct tevent_req *tldap_search_send(TALLOC_CTX *mem_ctx, if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } + if (timelimit != 0) { + struct timeval end; + end = timeval_current_ofs(timelimit * 1.5F, 0); + tevent_req_set_endtime(subreq, ev, end); + } tevent_req_set_callback(subreq, tldap_search_done, req); return req; -- 2.50.1 From 18e56ce72009795cf8562dc39faf600d11583587 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 24 Jul 2025 15:49:19 +0200 Subject: [PATCH 2/4] idmap_ad: add and use ldap_timeout and fix LDAP server failover The key parts are: 1. If an LDAP search fails with the hardcoded fatal error, remove the retry. That would only retry the query against the same server, taken from the DCINFO cache key. Instead, force a DC rediscovery. 2. Set a default ldap_timeout and pass it to tldap_search(). This avoids tldap_search() hanging forever on a stale TCP connection. 3. The LDAP server idmap_ad is using is not necessarily the same DC we're using for RPC, so in case we learn about a dead DC, put it in the negative-conn-cache. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844 Signed-off-by: Ralph Boehme Reviewed-by: Guenther Deschner (cherry picked from commit 4d69ec473b7be763399c9787eda8e659a1582184) --- source3/winbindd/idmap_ad.c | 33 ++++++++++++++------ source3/winbindd/wb_queryuser.c | 10 +++++- source3/winbindd/wb_sids2xids.c | 12 ++++++- source3/winbindd/wb_xids2sids.c | 10 +++++- source3/winbindd/winbindd_cm.c | 52 +++++++++++++++++++++++++++++++ source3/winbindd/winbindd_proto.h | 1 + 6 files changed, 106 insertions(+), 12 deletions(-) diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 38e902b8292..0644b844df1 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -50,6 +50,7 @@ struct idmap_ad_context { bool unix_primary_group; bool unix_nss_info; + int ldap_timeout; struct ldb_context *ldb; struct ldb_dn **deny_ous; @@ -576,6 +577,8 @@ static NTSTATUS idmap_ad_context_create(TALLOC_CTX *mem_ctx, domname, "unix_primary_group", false); ctx->unix_nss_info = idmap_config_bool( domname, "unix_nss_info", false); + ctx->ldap_timeout = idmap_config_int( + domname, "ldap_timeout", 10); schema_mode = idmap_config_const_string( domname, "schema_mode", "rfc2307"); @@ -742,7 +745,7 @@ static NTSTATUS idmap_ad_query_user(struct idmap_domain *domain, rc = tldap_search(ctx->ld, ctx->default_nc, TLDAP_SCOPE_SUB, filter, attrs, ARRAY_SIZE(attrs), 0, NULL, 0, NULL, 0, - 0, 0, 0, talloc_tos(), &msgs); + ctx->ldap_timeout, 0, 0, talloc_tos(), &msgs); if (!TLDAP_RC_IS_SUCCESS(rc)) { return NT_STATUS_LDAP(TLDAP_RC_V(rc)); } @@ -815,13 +818,17 @@ static NTSTATUS idmap_ad_query_user_retry(struct idmap_domain *domain, { const NTSTATUS status_server_down = NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_SERVER_DOWN)); + const NTSTATUS status_timeout = + NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_TIMEOUT)); NTSTATUS status; status = idmap_ad_query_user(domain, info); - if (NT_STATUS_EQUAL(status, status_server_down)) { + if (NT_STATUS_EQUAL(status, status_server_down) || + NT_STATUS_EQUAL(status, status_timeout)) + { TALLOC_FREE(domain->private_data); - status = idmap_ad_query_user(domain, info); + return NT_STATUS_HOST_UNREACHABLE; } return status; @@ -978,7 +985,7 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, rc = tldap_search(ctx->ld, ctx->default_nc, TLDAP_SCOPE_SUB, filter, attrs, ARRAY_SIZE(attrs), 0, NULL, 0, NULL, 0, - 0, 0, 0, talloc_tos(), &msgs); + ctx->ldap_timeout, 0, 0, talloc_tos(), &msgs); if (!TLDAP_RC_IS_SUCCESS(rc)) { return NT_STATUS_LDAP(TLDAP_RC_V(rc)); } @@ -1142,7 +1149,7 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, rc = tldap_search(ctx->ld, ctx->default_nc, TLDAP_SCOPE_SUB, filter, attrs, ARRAY_SIZE(attrs), 0, NULL, 0, NULL, 0, - 0, 0, 0, talloc_tos(), &msgs); + ctx->ldap_timeout, 0, 0, talloc_tos(), &msgs); if (!TLDAP_RC_IS_SUCCESS(rc)) { return NT_STATUS_LDAP(TLDAP_RC_V(rc)); } @@ -1249,13 +1256,17 @@ static NTSTATUS idmap_ad_unixids_to_sids_retry(struct idmap_domain *dom, { const NTSTATUS status_server_down = NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_SERVER_DOWN)); + const NTSTATUS status_timeout = + NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_TIMEOUT)); NTSTATUS status; status = idmap_ad_unixids_to_sids(dom, ids); - if (NT_STATUS_EQUAL(status, status_server_down)) { + if (NT_STATUS_EQUAL(status, status_server_down) || + NT_STATUS_EQUAL(status, status_timeout)) + { TALLOC_FREE(dom->private_data); - status = idmap_ad_unixids_to_sids(dom, ids); + return NT_STATUS_HOST_UNREACHABLE; } return status; @@ -1266,13 +1277,17 @@ static NTSTATUS idmap_ad_sids_to_unixids_retry(struct idmap_domain *dom, { const NTSTATUS status_server_down = NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_SERVER_DOWN)); + const NTSTATUS status_timeout = + NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_TIMEOUT)); NTSTATUS status; status = idmap_ad_sids_to_unixids(dom, ids); - if (NT_STATUS_EQUAL(status, status_server_down)) { + if (NT_STATUS_EQUAL(status, status_server_down) || + NT_STATUS_EQUAL(status, status_timeout)) + { TALLOC_FREE(dom->private_data); - status = idmap_ad_sids_to_unixids(dom, ids); + return NT_STATUS_HOST_UNREACHABLE; } return status; diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c index db8e946ba71..0f318f8b631 100644 --- a/source3/winbindd/wb_queryuser.c +++ b/source3/winbindd/wb_queryuser.c @@ -279,6 +279,7 @@ static void wb_queryuser_done(struct tevent_req *subreq) NTSTATUS status, result; bool need_group_name = false; const char *tmpl = NULL; + uint32_t dsgetdcname_flags = DS_RETURN_DNS_NAME; status = dcerpc_wbint_GetNssInfo_recv(subreq, info, &result); TALLOC_FREE(subreq); @@ -287,6 +288,13 @@ static void wb_queryuser_done(struct tevent_req *subreq) return; } + if (NT_STATUS_EQUAL(result, NT_STATUS_HOST_UNREACHABLE)) { + winbind_idmap_add_failed_connection_entry(info->domain_name); + /* Trigger DC lookup and reconnect below */ + result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; + dsgetdcname_flags |= DS_FORCE_REDISCOVERY; + } + if (NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) && !state->tried_dclookup) { const char *domain_name = find_dns_domain_name( @@ -301,7 +309,7 @@ static void wb_queryuser_done(struct tevent_req *subreq) domain_name, NULL, NULL, - DS_RETURN_DNS_NAME); + dsgetdcname_flags); if (tevent_req_nomem(subreq, req)) { return; } diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c index 03e5e7e0258..f5ff9223034 100644 --- a/source3/winbindd/wb_sids2xids.c +++ b/source3/winbindd/wb_sids2xids.c @@ -598,6 +598,7 @@ static void wb_sids2xids_done(struct tevent_req *subreq) NTSTATUS status, result; const struct wbint_TransIDArray *src = NULL; struct wbint_TransIDArray *dst = NULL; + uint32_t dsgetdcname_flags = DS_RETURN_DNS_NAME; uint32_t si; status = dcerpc_wbint_Sids2UnixIDs_recv(subreq, state, &result); @@ -608,6 +609,15 @@ static void wb_sids2xids_done(struct tevent_req *subreq) return; } + if (NT_STATUS_EQUAL(result, NT_STATUS_HOST_UNREACHABLE)) { + struct lsa_DomainInfo *d = + &state->idmap_doms.domains[state->dom_index]; + winbind_idmap_add_failed_connection_entry(d->name.string); + /* Trigger DC lookup and reconnect below */ + result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; + dsgetdcname_flags |= DS_FORCE_REDISCOVERY; + } + if (NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) && !state->tried_dclookup) { @@ -627,7 +637,7 @@ static void wb_sids2xids_done(struct tevent_req *subreq) domain_name, NULL, NULL, - DS_RETURN_DNS_NAME); + dsgetdcname_flags); if (tevent_req_nomem(subreq, req)) { return; } diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index 6fcf524d94f..0384740d17d 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -130,6 +130,7 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) struct wb_xids2sids_dom_state *state = tevent_req_data( req, struct wb_xids2sids_dom_state); const struct wb_parent_idmap_config_dom *dom_map = state->dom_map; + uint32_t dsgetdcname_flags = DS_RETURN_DNS_NAME; NTSTATUS status, result; size_t i; size_t dom_sid_idx; @@ -140,6 +141,13 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) return; } + if (NT_STATUS_EQUAL(result, NT_STATUS_HOST_UNREACHABLE)) { + winbind_idmap_add_failed_connection_entry(dom_map->name); + /* Trigger DC lookup and reconnect below */ + result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; + dsgetdcname_flags |= DS_FORCE_REDISCOVERY; + } + if (NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) && !state->tried_dclookup) { @@ -151,7 +159,7 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) domain_name, NULL, NULL, - DS_RETURN_DNS_NAME); + dsgetdcname_flags); if (tevent_req_nomem(subreq, req)) { return; } diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index d52deccf430..2c18aeba060 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -88,6 +88,8 @@ #include "lib/util/string_wrappers.h" #include "lib/global_contexts.h" #include "librpc/gen_ndr/ndr_winbind_c.h" +#include "source3/libsmb/namequery.h" +#include "source3/libsmb/dsgetdcname.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -336,6 +338,56 @@ void winbind_add_failed_connection_entry( winbindd_unset_locator_kdc_env(domain); } +void winbind_idmap_add_failed_connection_entry(const char *_domain_name) +{ + struct netr_DsRGetDCNameInfo *dcinfo = NULL; + const char *dc_unc = NULL; + const char *dc_address = NULL; + char *domain_name = NULL; + struct winbindd_domain *domain = NULL; + NTSTATUS failed_status = NT_STATUS_HOST_UNREACHABLE; + NTSTATUS status; + + domain_name = talloc_strdup_upper(talloc_tos(), _domain_name); + if (domain_name == NULL) { + DBG_ERR("talloc_strdup_upper failed\n"); + return; + } + + status = wb_dsgetdcname_gencache_get(talloc_tos(), domain_name, &dcinfo); + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("Missing DC cache for domain '%s'\n", domain_name); + goto done; + } + + dc_unc = dcinfo->dc_unc; + while (dc_unc[0] == '\\') { + dc_unc++; + } + dc_address = dcinfo->dc_address; + while (dc_address[0] == '\\') { + dc_address++; + } + + add_failed_connection_entry(domain_name, dc_unc, failed_status); + add_failed_connection_entry(domain_name, dc_address, failed_status); + + domain = find_domain_from_name_noinit(domain_name); + if (domain == NULL) { + goto done; + } + if (domain->alt_name == NULL) { + goto done; + } + + add_failed_connection_entry(domain->alt_name, dc_unc, failed_status); + add_failed_connection_entry(domain->alt_name, dc_address, failed_status); + +done: + TALLOC_FREE(domain_name); + TALLOC_FREE(dcinfo); +} + /* Choose between anonymous or authenticated connections. We need to use an authenticated connection if DCs have the RestrictAnonymous registry entry set > 0, or the "Additional restrictions for anonymous diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index cf18266628c..3708fd2150c 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -210,6 +210,7 @@ void winbind_add_failed_connection_entry( const struct winbindd_domain *domain, const char *server, NTSTATUS result); +void winbind_idmap_add_failed_connection_entry(const char *domain_name); struct cli_credentials; NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain, -- 2.50.1 From 09201eba53c35b906b209a97a8937480803d6400 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 24 Jul 2025 12:55:30 +0200 Subject: [PATCH 3/4] libads: reverse termination condition in netlogon_pings_done() No change in behaviour, prepares for upcoming change and minimizes its diff. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844 Signed-off-by: Ralph Boehme Reviewed-by: Guenther Deschner (cherry picked from commit 6643d1fb3375903e2857e5bff33b39a4562c5a4d) --- source3/libads/netlogon_ping.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/source3/libads/netlogon_ping.c b/source3/libads/netlogon_ping.c index 22f5a56b395..76263a72d71 100644 --- a/source3/libads/netlogon_ping.c +++ b/source3/libads/netlogon_ping.c @@ -822,17 +822,18 @@ static void netlogon_pings_done(struct tevent_req *subreq) tevent_req_done(req); return; } - if (state->num_received == state->num_servers) { + if (state->num_received < state->num_servers) { /* - * Everybody replied, but we did not get enough good - * answers (see above) + * Wait for more answers */ - tevent_req_nterror(req, NT_STATUS_NOT_FOUND); return; } /* - * Wait for more answers + * Everybody replied, but we did not get enough good + * answers (see above) */ + tevent_req_nterror(req, NT_STATUS_NOT_FOUND); + return; } NTSTATUS netlogon_pings_recv(struct tevent_req *req, -- 2.50.1 From 78e1f64bd74b7dd4195ab43c43ebe771afe97caf Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 24 Jul 2025 12:59:30 +0200 Subject: [PATCH 4/4] libads: change netlogon_pings() behaviour wrt to min_servers parameter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently if a caller passes min_servers=X with X>1, netlogon_pings() will fail if it can't contact X DCs. This is not really what we want. What we want is: we want at least one DC, and up to X. Change implemenentation in that sense and rename the min_servers argument to wanted_servers to express this behaviour change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844 Signed-off-by: Ralph Boehme Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Aug 13 19:31:10 UTC 2025 on atb-devel-224 (cherry picked from commit 85dd55a5fef0049660126bdcd48abfa1c48da259) --- source3/libads/cldap.c | 2 +- source3/libads/kerberos.c | 2 +- source3/libads/ldap.c | 2 +- source3/libads/netlogon_ping.c | 23 ++++++++++++++--------- source3/libads/netlogon_ping.h | 4 ++-- source3/libsmb/dsgetdcname.c | 2 +- source4/libnet/libnet_site.c | 2 +- source4/torture/rpc/lsa.c | 2 +- 8 files changed, 22 insertions(+), 17 deletions(-) diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 96d602d9feb..fdb78454141 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -69,7 +69,7 @@ static bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, .acct_ctrl = -1, .required_flags = required_flags, }, - 1, /* min_servers */ + 1, /* wanted_servers */ timeval_current_ofs(MAX(3, lp_ldap_timeout() / 2), 0), &responses); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index c1f3f3ce356..7c83bdf7fd9 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -1223,7 +1223,7 @@ static char *get_kdc_ip_string(char *mem_ctx, .acct_ctrl = -1, .required_flags = DS_KDC_REQUIRED, }, - MIN(num_dcs, 3), /* min_servers */ + MIN(num_dcs, 3), /* wanted_servers */ timeval_current_ofs(3, 0), /* timeout */ &responses); TALLOC_FREE(dc_addrs2); diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index af467cfe390..49fa1d47298 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -501,7 +501,7 @@ again: .required_flags = ads->config.flags | DS_ONLY_LDAP_NEEDED, }, - 1, /* min_servers */ + 1, /* wanted_servers */ endtime, /* timeout */ &responses); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/libads/netlogon_ping.c b/source3/libads/netlogon_ping.c index 76263a72d71..c65244dd876 100644 --- a/source3/libads/netlogon_ping.c +++ b/source3/libads/netlogon_ping.c @@ -588,7 +588,7 @@ struct netlogon_pings_state { struct tsocket_address **servers; size_t num_servers; - size_t min_servers; + size_t wanted_servers; struct timeval timeout; enum client_netlogon_ping_protocol proto; uint32_t required_flags; @@ -610,7 +610,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx, struct tsocket_address **servers, size_t num_servers, struct netlogon_ping_filter filter, - size_t min_servers, + size_t wanted_servers, struct timeval timeout) { struct tevent_req *req = NULL; @@ -626,7 +626,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx, state->proto = proto; state->servers = servers; state->num_servers = num_servers; - state->min_servers = min_servers; + state->wanted_servers = wanted_servers; state->timeout = timeout; state->required_flags = filter.required_flags; @@ -685,7 +685,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx, } state->filter = filter_str; - for (i = 0; i < min_servers; i++) { + for (i = 0; i < wanted_servers; i++) { state->reqs[i] = netlogon_ping_send(state->reqs, state->ev, state->servers[i], @@ -699,7 +699,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx, netlogon_pings_done, req); } - state->num_sent = min_servers; + state->num_sent = wanted_servers; if (state->num_sent < state->num_servers) { /* * After 100 milliseconds fire the next one @@ -818,7 +818,7 @@ static void netlogon_pings_done(struct tevent_req *subreq) } } - if (state->num_good_received >= state->min_servers) { + if (state->num_good_received >= state->wanted_servers) { tevent_req_done(req); return; } @@ -828,8 +828,13 @@ static void netlogon_pings_done(struct tevent_req *subreq) */ return; } + if (state->num_good_received == 1) { + /* We require at least one DC */ + tevent_req_done(req); + return; + } /* - * Everybody replied, but we did not get enough good + * Everybody replied, but we did not get a single good * answers (see above) */ tevent_req_nterror(req, NT_STATUS_NOT_FOUND); @@ -857,7 +862,7 @@ NTSTATUS netlogon_pings(TALLOC_CTX *mem_ctx, struct tsocket_address **servers, int num_servers, struct netlogon_ping_filter filter, - int min_servers, + int wanted_servers, struct timeval timeout, struct netlogon_samlogon_response ***responses) { @@ -876,7 +881,7 @@ NTSTATUS netlogon_pings(TALLOC_CTX *mem_ctx, servers, num_servers, filter, - min_servers, + wanted_servers, timeout); if (req == NULL) { goto fail; diff --git a/source3/libads/netlogon_ping.h b/source3/libads/netlogon_ping.h index d50c0a47936..6063c4e8a28 100644 --- a/source3/libads/netlogon_ping.h +++ b/source3/libads/netlogon_ping.h @@ -45,7 +45,7 @@ struct tevent_req *netlogon_pings_send(TALLOC_CTX *mem_ctx, struct tsocket_address **servers, size_t num_servers, struct netlogon_ping_filter filter, - size_t min_servers, + size_t wanted_servers, struct timeval timeout); NTSTATUS netlogon_pings_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, @@ -55,7 +55,7 @@ NTSTATUS netlogon_pings(TALLOC_CTX *mem_ctx, struct tsocket_address **servers, int num_servers, struct netlogon_ping_filter filter, - int min_servers, + int wanted_servers, struct timeval timeout, struct netlogon_samlogon_response ***responses); diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index 695f0c38d85..97633317903 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -871,7 +871,7 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx, .domain = domain_name, .required_flags = flags, }, - 1, /* min_servers */ + 1, /* wanted_servers */ timeval_current_ofs(MAX(3, lp_ldap_timeout() / 2), 0), &responses); diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index 9ee51f3ee86..d60dc9846b1 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -74,7 +74,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li NETLOGON_NT_VERSION_5EX, .acct_ctrl = -1, }, - 1, /* min_servers */ + 1, /* wanted_servers */ tevent_timeval_current_ofs(2, 0), /* timeout */ &responses); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index bac0f29695e..3fbbd0ccafb 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -4456,7 +4456,7 @@ static bool check_dom_trust_pw(struct dcerpc_pipe *p, : ACB_DOMTRUST, .user = account, }, - 1, /* min_servers */ + 1, /* wanted_servers */ tevent_timeval_current_ofs(2, 0), /* timeout */ &responses); torture_assert_ntstatus_ok(tctx, status, "netlogon_pings"); -- 2.50.1