The branch, v3-6-test has been updated via d1bf6e4 s3:libnet increase timeout for machine password change via a43c682 s3: Give machine password changes 10 minutes of time from 037f9ea s3-serverid: call serverid_init_readonly() from commandline tools.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit d1bf6e401a41172a47684518b9836899844fdefd Author: Christian Ambach <a...@samba.org> Date: Tue Mar 5 11:44:03 2013 +0100 s3:libnet increase timeout for machine password change DCs might run password filter modules that can delay the setting of the machine password for a significant amount of time use the same timeout as in the other paths of domain join (e.g. rpccli_netlogon_set_trust_password) Signed-off-by: Christian Ambach <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 9755541ed156d71df98607375ee3b925266c3c74) The last 2 patches address bug #8955 - NetrServerPasswordSet2 timeout is too short. commit a43c682553e5a731f9fbca8649ba042ae2bb5eba Author: Volker Lendecke <v...@samba.org> Date: Fri Jun 22 14:26:45 2012 +0200 s3: Give machine password changes 10 minutes of time This is what we do at domain join time as well, see lib/netapi/joindomain.c:141 Signed-off-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit b9a15f1bfad30a824f9ec87bc9f7c65adf50dae0) ----------------------------------------------------------------------- Summary of changes: source3/libnet/libnet_join.c | 9 +++++++++ source3/rpc_client/cli_netlogon.c | 13 +++++++++++++ 2 files changed, 22 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7bb436b..e84682d 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -850,6 +850,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct samr_Ids name_types; union samr_UserInfo user_info; struct dcerpc_binding_handle *b = NULL; + unsigned int old_timeout = 0; struct samr_CryptPassword crypt_pwd; struct samr_CryptPasswordEx crypt_pwd_ex; @@ -1061,6 +1062,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /* Set password on machine account - first try level 26 */ + /* + * increase the timeout as password filter modules on the DC + * might delay the operation for a significant amount of time + */ + old_timeout = rpccli_set_timeout(pipe_hnd, 600000); + init_samr_CryptPasswordEx(r->in.machine_password, &cli->user_session_key, &crypt_pwd_ex); @@ -1092,6 +1099,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, &result); } + old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout); + if (!NT_STATUS_IS_OK(status)) { dcerpc_samr_DeleteUser(b, mem_ctx, diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index bd3232d..c69a933 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -625,11 +625,14 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, if (cli->dc->negotiate_flags & NETLOGON_NEG_PASSWORD_SET2) { struct netr_CryptPassword new_password; + uint32_t old_timeout; init_netr_CryptPassword(new_trust_pwd_cleartext, cli->dc->session_key, &new_password); + old_timeout = dcerpc_binding_handle_set_timeout(b, 600000); + status = dcerpc_netr_ServerPasswordSet2(b, mem_ctx, cli->srv_name_slash, cli->dc->account_name, @@ -639,6 +642,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, &srv_cred, &new_password, &result); + + dcerpc_binding_handle_set_timeout(b, old_timeout); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("dcerpc_netr_ServerPasswordSet2 failed: %s\n", nt_errstr(status))); @@ -647,9 +653,13 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, } else { struct samr_Password new_password; + uint32_t old_timeout; + memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_password.hash)); netlogon_creds_des_encrypt(cli->dc, &new_password); + old_timeout = dcerpc_binding_handle_set_timeout(b, 600000); + status = dcerpc_netr_ServerPasswordSet(b, mem_ctx, cli->srv_name_slash, cli->dc->account_name, @@ -659,6 +669,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, &srv_cred, &new_password, &result); + + dcerpc_binding_handle_set_timeout(b, old_timeout); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("dcerpc_netr_ServerPasswordSet failed: %s\n", nt_errstr(status))); -- Samba Shared Repository