From 44a434a3019de2f9e807ba819b9cb6b47b4815df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 28 Jun 2011 23:59:11 +0200 Subject: [PATCH] s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Autobuild-User: Günther Deschner Autobuild-Date: Thu Jun 30 00:42:23 CEST 2011 on sn-devel-104 --- source3/winbindd/winbindd_pam.c | 26 +++++++++++++++++++------- 1 files changed, 19 insertions(+), 7 deletions(-) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 910e429..21b237a 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1250,18 +1250,30 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, info3); } - if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) - && domain->can_do_samlogon_ex) { - DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " - "retrying with NetSamLogon\n")); - domain->can_do_samlogon_ex = false; + if (NT_STATUS_EQUAL(result, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) { + /* * It's likely that the server also does not support * validation level 6 */ domain->can_do_validation6 = false; - retry = true; - continue; + + if (domain->can_do_samlogon_ex) { + DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " + "retrying with NetSamLogon\n")); + domain->can_do_samlogon_ex = false; + retry = true; + continue; + } + + + /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon + * (no Ex). This happens against old Samba + * DCs. Drop the connection. + */ + invalidate_cm_connection(&domain->conn); + result = NT_STATUS_LOGON_FAILURE; + break; } if (domain->can_do_validation6 && -- 1.7.5.4