The Samba-Bugzilla – Bug 2988
Authentication against expired account in trusted domain returns NT_STATUS_NO_LOGON_SERVERS
Last modified: 2005-08-29 06:47:55 UTC
Samba DC running samba3 branch from svn.
Windows NT 4 sp6 DC is trusted by Samba DC.
Win2k member of Samba DC.
When you log into win2k member as an expired account on the NT 4 domain Samba
responds in the netlogon RPC with STATUS_NO_LOGON_SERVERS. The code that does
this is in:
auth/auth_winbind.c:check_winbind_security(). We only fill in the info3
structure when the return from winbindd_request_response is NSS_STATUS_SUCCESS.
I think this structure needs filled in for the case of a failed auth with a
user with an expired password from the trusted domain.
I did some traces of the same situation in a Windows only environment and found
that the info3 structure is not filled in for this case, only the return code is
different, STATUS_PASSWORD_EXPIRED instead of STATUS_NO_LOGON_SERVERS.
fixed by vl in revision 9709.