From 6a6e64eaaa22d1e3ef06a79965408770ead63f88 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 25 May 2011 10:49:41 -0400 Subject: [PATCH] s3-winbind: BUG 8166 - Don't lockout users when offline. Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration. Autobuild-User: Jim McDonough Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104 (cherry picked from commit b58534f1fca27e3e72f4f4107538ec05734bd42a) --- source3/winbindd/winbindd_pam.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 412ec83..6b87482 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -993,7 +993,10 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, } - /* User does *NOT* know the correct password, modify info3 accordingly */ + /* User does *NOT* know the correct password, modify info3 accordingly, but only if online */ + if (domain->online == false) { + goto failed; + } /* failure of this is not critical */ result = get_max_bad_attempts_from_lockout_policy(domain, state->mem_ctx, &max_allowed_bad_attempts); -- 1.7.4.2