svn commit: samba r21633 - in branches: SAMBA_3_0/source/nsswitch
SAMBA_3_0_25/source/nsswitch
jerry at samba.org
jerry at samba.org
Thu Mar 1 14:44:25 GMT 2007
Author: jerry
Date: 2007-03-01 14:44:25 +0000 (Thu, 01 Mar 2007)
New Revision: 21633
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21633
Log:
First real fix from me found during the bug hunt.
ads_cached_connection() does not call get_dc_name()
before ads_connect() and therefore does not setup
the environment to look at krb5.conf.DOMAIN file
before sending the TGT request. The failure I'm seeing
occurs ni a multi-DC domain where we get back preuath
failed after we just joined the domain.
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2007-03-01 14:34:06 UTC (rev 21632)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2007-03-01 14:44:25 UTC (rev 21633)
@@ -40,6 +40,8 @@
{
ADS_STRUCT *ads;
ADS_STATUS status;
+ fstring dc_name;
+ struct in_addr dc_ip;
DEBUG(10,("ads_cached_connection\n"));
@@ -114,6 +116,12 @@
ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
+ /* Setup the server affinity cache. We don't reaally care
+ about the name. Just setup affinity and the KRB5_CONFIG
+ file. */
+
+ get_dc_name( "", ads->auth.realm, dc_name, &dc_ip );
+
status = ads_connect(ads);
if (!ADS_ERR_OK(status) || !ads->config.realm) {
DEBUG(1,("ads_connect for domain %s failed: %s\n",
Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c 2007-03-01 14:34:06 UTC (rev 21632)
+++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c 2007-03-01 14:44:25 UTC (rev 21633)
@@ -40,6 +40,8 @@
{
ADS_STRUCT *ads;
ADS_STATUS status;
+ fstring dc_name;
+ struct in_addr dc_ip;
DEBUG(10,("ads_cached_connection\n"));
@@ -114,6 +116,12 @@
ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
+ /* Setup the server affinity cache. We don't reaally care
+ about the name. Just setup affinity and the KRB5_CONFIG
+ file. */
+
+ get_dc_name( "", ads->auth.realm, dc_name, &dc_ip );
+
status = ads_connect(ads);
if (!ADS_ERR_OK(status) || !ads->config.realm) {
DEBUG(1,("ads_connect for domain %s failed: %s\n",
More information about the samba-cvs
mailing list