From f56922a77fb0370dce6811ce5b84c64f62ee3f2a Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Sat, 5 Mar 2011 17:43:41 +0100
Subject: [PATCH] s3: Fix bug 7888 -- deal with buggy 3.0 based PDCs

---
 source3/winbindd/winbindd_pam.c | 31 +++++++++++++++++++++----------
 1 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 44de3e3..c89097d 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1249,18 +1249,29 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 info3);
 }
 
- if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR)
- && domain->can_do_samlogon_ex) {
- DEBUG(3, ("Got a DC that can not do NetSamLogonEx, "
- "retrying with NetSamLogon\n"));
- domain->can_do_samlogon_ex = false;
+ if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) {
+ if (domain->can_do_samlogon_ex) {
+ DEBUG(3, ("Got a DC that can not do "
+ "NetSamLogonEx, retrying with "
+ "NetSamLogon\n"));
+ domain->can_do_samlogon_ex = false;
+ /*
+ * It's likely that the server also
+ * does not support validation level 6
+ */
+ domain->can_do_validation6 = false;
+ retry = true;
+ continue;
+ }
+
 /*
- * It's likely that the server also does not support
- * validation level 6
+ * Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon
+ * (no Ex). This happens against old Samba
+ * DCs. Drop the connection.
 */
- domain->can_do_validation6 = false;
- retry = true;
- continue;
+ invalidate_cm_connection(&domain->conn);
+ result = NT_STATUS_LOGON_FAILURE;
+ break;
 }
 
 if (domain->can_do_validation6 &&
-- 
1.7.3.2
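Review bot: The new fallback path (DCERPC_FAULT_OP_RNG_ERROR with can_do_samlogon_ex already false) drops the connection and returns NT_STATUS_LOGON_FAILURE without logging anything, whereas the NetSamLogonEx branch just above it emits a DEBUG(3) message. As a result, a protocol fault from the DC is reported to callers and shows up in authentication logs exactly like a rejected credential, which makes DC incompatibility hard to tell apart from bad-password activity during triage. I would add a log line before `invalidate_cm_connection(&domain->conn);`, for example `DEBUG(3, ("Got DCERPC_FAULT_OP_RNG_ERROR for NetSamLogon, dropping connection\n"));`, and extend the comment to say why LOGON_FAILURE was chosen over a status that signals a DC-side problem. The retry loop starts and ends outside this hunk, so how callers treat the returned status (for instance whether they count it as an authoritative failure) cannot be confirmed from here.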