We are having issues with Authentication failures using AuthByLSA when the 
workstation fails over to another Domain Controller.

The issue is that we do a group membership check in our AuthByLSA Handler.

It appears from the code below that if you don’t specify a DC it picks one the 
first time it checks for group membership and keeps using it even if the DC 
becomes unavailable.

Code is from the method “userIsInGroup” in AuthByLSA.pm.


    # Find the controller to use
    my $controller = $self->{DomainController};
    if (!defined $controller)
    {
        $controller = $self->{controllers}{$domain};
        if (!defined $controller)
        {
            &Win32::NetAdmin::GetAnyDomainController(undef, $domain, $controller);
            $self->{controllers}{$domain} = $controller;
        }
    }
    $self->log($main::LOG_DEBUG, "Checking LSA Group membership for $controller, $group, $username");
    return &Win32::NetAdmin::GroupIsMember($controller, $group, $username)
        || &Win32::NetAdmin::LocalGroupIsMember($controller, $group, $username);

Is it possible to add code to check for a DC failure and then repeat the call 
to “Win32::NetAdmin::GetAnyDomainController” in this subroutine?

Thanks.

-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail: neil-john...@uiowa.edu



_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
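
An added sketch of the failover logic the post asks about (not part of the original message and not Radiator's own code): drop the cached controller when a check fails because the DC is unreachable, rediscover, and retry a bounded number of times. The function name, the callback interface, the domain and group names, and the set of Win32 error codes treated as "unreachable" are all assumptions; the DCs are simulated so the script runs anywhere.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Win32 error codes treated as "controller unreachable" (assumed set):
# 53 = ERROR_BAD_NETPATH, 1722 = RPC_S_SERVER_UNAVAILABLE
my %UNREACHABLE = (53 => 1, 1722 => 1);

# Hypothetical helper. $discover->($domain) returns a controller name or undef.
# $check->($controller, $group, $user) returns (is_member, win32_error).
sub user_is_in_group {
    my ($cache, $discover, $check, $domain, $group, $user, $max_tries) = @_;
    for (1 .. ($max_tries || 2)) {
        my $dc = $cache->{$domain};
        if (!defined $dc) {
            $dc = $discover->($domain);
            return 0 if !defined $dc;          # no controller found: deny
            $cache->{$domain} = $dc;
        }
        my ($member, $err) = $check->($dc, $group, $user);
        return 1 if $member;
        # A clean "not a member" answer is final; only a dead DC is retried.
        return 0 if !$UNREACHABLE{$err || 0};
        delete $cache->{$domain};              # forget the stale controller
    }
    return 0;    # every controller tried was unreachable: deny, never allow
}

# Constructed simulation: DC1 is cached but down, DC2 is up.
my %up      = (DC1 => 0, DC2 => 1);
my %members = (RadiusUsers => { alice => 1 });
my $discover = sub { (grep { $up{$_} } sort keys %up)[0] };
my $check = sub {
    my ($dc, $group, $user) = @_;
    return (0, 1722) if !$up{$dc};             # simulated RPC failure
    return ($members{$group}{$user} ? 1 : 0, 0);
};

for my $user (qw(alice mallory)) {
    my %cache = (EXAMPLE => 'DC1');            # stale cache entry
    my $ok = user_is_in_group(\%cache, $discover, $check,
                              'EXAMPLE', 'RadiusUsers', $user);
    printf "%-8s %-6s via %s\n", $user, ($ok ? 'member' : 'denied'),
        $cache{EXAMPLE} // 'none';
}
```

The point of separating the error code from the membership result is that a false return caused by a dead controller triggers rediscovery, while a genuine "not a member" answer is never retried or upgraded.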
