The Samba-Bugzilla – Attachment 8183 Details for
Bug 9386
Winbind does't failover to next DC if netlogon is not available.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
master patch
0001-BUG-9386-Failover-if-netlogon-pipe-is-not-available.patch (text/plain), 3.02 KB, created by
Andreas Schneider
on 2012-11-12 11:32:33 UTC
(
hide
)
Description:
master patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2012-11-12 11:32:33 UTC
Size:
3.02 KB
patch
obsolete
>From 3f89ad1c11902cc947080a56ebf48430f8f69290 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 9 Nov 2012 15:33:09 +0100 >Subject: [PATCH] BUG 9386: Failover if netlogon pipe is not available. > >Samba continues to query a broken DC while the DC did not finish to >rebuild Sysvol (after a Windows crash, for example). It causes end users >to received strange codes while trying to authenticate, even if there is >a secondary DC available. > >Signed-off-by: Andreas Schneider <asn@samba.org> >--- > source3/winbindd/winbindd_pam.c | 52 ++++++++++++++++++++++++++++++----------- > 1 file changed, 39 insertions(+), 13 deletions(-) > >diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c >index 5b6b77b..b23d421 100644 >--- a/source3/winbindd/winbindd_pam.c >+++ b/source3/winbindd/winbindd_pam.c >@@ -1175,6 +1175,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, > struct netr_SamInfo3 **info3) > { > int attempts = 0; >+ int netr_attempts = 0; > bool retry = false; > NTSTATUS result; > >@@ -1189,22 +1190,47 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, > result = cm_connect_netlogon(domain, &netlogon_pipe); > > if (!NT_STATUS_IS_OK(result)) { >- DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n", >- nt_errstr(result))); >- if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) { >- if (attempts > 0) { >- DEBUG(3, ("This is the second problem for this " >- "particular call, forcing the close of " >- "this connection\n")); >- invalidate_cm_connection(&domain->conn); >- } else { >- DEBUG(3, ("First call to cm_connect_netlogon " >- "has timed out, retrying\n")); >- continue; >- } >+ DEBUG(3,("Could not open handle to NETLOGON pipe " >+ "(error: %s, attempts: %d)\n", >+ nt_errstr(result), netr_attempts)); >+ >+ /* After the first retry always close the connection */ >+ if (netr_attempts > 0) { >+ DEBUG(3, ("This is again a problem for this " >+ "particular call, forcing the close " >+ "of this connection\n")); >+ invalidate_cm_connection(&domain->conn); >+ } >+ >+ /* After the second retry failover to the next DC */ >+ if (netr_attempts > 1) { >+ /* >+ * If the netlogon server is not reachable then >+ * it is possible that the DC is rebuilding >+ * sysvol and shutdown netlogon for that time. >+ * We should failover to the next dc. >+ */ >+ DEBUG(3, ("This is the third problem for this " >+ "particular call, adding DC to the " >+ "negative cache list\n")); >+ add_failed_connection_entry(domain->name, >+ domain->dcname, >+ result); >+ saf_delete(domain->name); >+ } >+ >+ /* Only allow 3 retries */ >+ if (netr_attempts < 3) { >+ DEBUG(3, ("The connection to netlogon " >+ "failed, retrying\n")); >+ netr_attempts++; >+ retry = true; >+ continue; > } > return result; > } >+ netr_attempts = 0; >+ > auth = netlogon_pipe->auth; > if (netlogon_pipe->dc) { > neg_flags = netlogon_pipe->dc->negotiate_flags; >-- >1.8.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 9386
: 8183 |
8187