Bug 2988 - Authentication against expired account in trusted domain returns NT_STATUS_NO_LOGON_SERVERS
Authentication against expired account in trusted domain returns NT_STATUS_NO...
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.14a
All Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-12 09:07 UTC by John Janosik
Modified: 2005-08-29 06:47 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Janosik 2005-08-12 09:07:10 UTC
Environment is:

Samba DC running samba3 branch from svn.
Windows NT 4 sp6 DC is trusted by Samba DC.
Win2k member of Samba DC.

When you log into win2k member as an expired account on the NT 4 domain Samba
responds in the netlogon RPC with STATUS_NO_LOGON_SERVERS.  The code that does
this is in:

auth/auth_winbind.c:check_winbind_security().  We only fill in the info3
structure when the return from  winbindd_request_response is NSS_STATUS_SUCCESS.
 I think this structure needs filled in for the case of a failed auth with a
user with an expired password from the trusted domain.
Comment 1 John Janosik 2005-08-18 09:13:48 UTC
I did some traces of the same situation in a Windows only environment and found
that the info3 structure is not filled in for this case, only the return code is
different, STATUS_PASSWORD_EXPIRED instead of STATUS_NO_LOGON_SERVERS.
Comment 2 John Janosik 2005-08-29 06:47:55 UTC
fixed by vl in revision 9709.