svn commit: samba r21633 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch

Thu Mar 1 14:44:25 GMT 2007

Author: jerry
Date: 2007-03-01 14:44:25 +0000 (Thu, 01 Mar 2007)
New Revision: 21633

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21633

Log:
First real fix from me found during the bug hunt.

ads_cached_connection() does not call get_dc_name() 
before ads_connect() and therefore does not setup
the environment to look at krb5.conf.DOMAIN file 
before sending the TGT request.  The failure I'm seeing 
occurs ni a multi-DC domain where we get back preuath 
failed after we just joined the domain.


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
   branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
===================================================================

--- branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c	2007-03-01 14:34:06 UTC (rev 21632)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c	2007-03-01 14:44:25 UTC (rev 21633)
@@ -40,6 +40,8 @@
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
+	fstring dc_name;
+	struct in_addr dc_ip;	
 
 	DEBUG(10,("ads_cached_connection\n"));
 
@@ -114,6 +116,12 @@
 
 	ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
 
+	/* Setup the server affinity cache.  We don't reaally care
+	   about the name.  Just setup affinity and the KRB5_CONFIG 
+	   file. */
+
+	get_dc_name( "", ads->auth.realm, dc_name, &dc_ip );
+	
 	status = ads_connect(ads);
 	if (!ADS_ERR_OK(status) || !ads->config.realm) {
 		DEBUG(1,("ads_connect for domain %s failed: %s\n", 

Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c	2007-03-01 14:34:06 UTC (rev 21632)
+++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c	2007-03-01 14:44:25 UTC (rev 21633)
@@ -40,6 +40,8 @@
 {
 	ADS_STRUCT *ads;
 	ADS_STATUS status;
+	fstring dc_name;
+	struct in_addr dc_ip;	
 
 	DEBUG(10,("ads_cached_connection\n"));
 
@@ -114,6 +116,12 @@
 
 	ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
 
+	/* Setup the server affinity cache.  We don't reaally care
+	   about the name.  Just setup affinity and the KRB5_CONFIG 
+	   file. */
+
+	get_dc_name( "", ads->auth.realm, dc_name, &dc_ip );
+	
 	status = ads_connect(ads);
 	if (!ADS_ERR_OK(status) || !ads->config.realm) {
 		DEBUG(1,("ads_connect for domain %s failed: %s\n", 

