Index: samba/source4/kdc/wdc-samba4.c =================================================================== --- samba.orig/source4/kdc/wdc-samba4.c 2012-11-15 18:35:29.000000000 +0100 +++ samba/source4/kdc/wdc-samba4.c 2012-11-16 01:19:55.482813115 +0100 @@ -128,7 +128,7 @@ talloc_free(mem_ctx); return EINVAL; } - + if (is_in_db) { /* Now check the KDC signature, fetching the correct key based on the enc type */ ret = kdc_check_pac(context, pac_srv_sig->signature, pac_kdc_sig, krbtgt); @@ -217,7 +217,7 @@ hdb_entry_ex *client_ex, const char *client_name, hdb_entry_ex *server_ex, const char *server_name, KDC_REQ *req, - krb5_data *e_data) + METHOD_DATA *md) { struct samba_kdc_entry *kdc_entry; bool password_change; @@ -239,11 +239,19 @@ return ENOMEM; } - if (e_data) { - DATA_BLOB data; + if (md) { + int ret; + krb5_data kd; + DATA_BLOB data; samba_kdc_build_edata_reply(nt_status, &data); - *e_data = fill_krb5_data(data.data, data.length); + kd = fill_krb5_data(data.data, data.length); + ret = krb5_padata_add(context, md, + KRB5_PADATA_FX_ERROR, + kd.data, kd.length); + if (ret) { + krb5_data_free(&kd); + } } return samba_kdc_map_policy_err(nt_status);