The branch, v3-5-test has been updated via d7f0de0 s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs. from 7024435 s3-nmbd: fix memleak in create_listen_fdset().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log ----------------------------------------------------------------- commit d7f0de06c119abad609f87121a8a4fb533e82747 Author: Günther Deschner <g...@samba.org> Date: Wed Sep 28 18:12:49 2011 +0200 s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs. Guenther ----------------------------------------------------------------------- Summary of changes: source3/winbindd/winbindd_pam.c | 50 ++++++++++++++++++++++++++++----------- 1 files changed, 36 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index df83dc6..5c56b87 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1382,18 +1382,29 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain, nt_resp, &my_info3); - if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) - && contact_domain->can_do_samlogon_ex) { - DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " - "retrying with NetSamLogon\n")); - contact_domain->can_do_samlogon_ex = false; + if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) { + /* * It's likely that the server also does not support * validation level 6 */ domain->can_do_validation6 = false; - retry = true; - continue; + + if (contact_domain->can_do_samlogon_ex) { + DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " + "retrying with NetSamLogon\n")); + contact_domain->can_do_samlogon_ex = false; + retry = true; + continue; + } + + /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon + * (no Ex). This happens against old Samba + * DCs. Drop the connection. + */ + invalidate_cm_connection(&contact_domain->conn); + result = NT_STATUS_LOGON_FAILURE; + break; } if (domain->can_do_validation6 && @@ -1996,18 +2007,29 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, nt_resp, &info3); - if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) - && contact_domain->can_do_samlogon_ex) { - DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " - "retrying with NetSamLogon\n")); - contact_domain->can_do_samlogon_ex = false; + if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) { + /* * It's likely that the server also does not support * validation level 6 */ domain->can_do_validation6 = false; - retry = true; - continue; + + if (contact_domain->can_do_samlogon_ex) { + DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " + "retrying with NetSamLogon\n")); + contact_domain->can_do_samlogon_ex = false; + retry = true; + continue; + } + + /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon + * (no Ex). This happens against old Samba + * DCs. Drop the connection. + */ + invalidate_cm_connection(&contact_domain->conn); + result = NT_STATUS_LOGON_FAILURE; + break; } if (domain->can_do_validation6 && -- Samba Shared Repository