[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Tue Nov 13 01:47:08 MST 2012
The branch, v3-6-test has been updated
via 8ba1bdf s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
from 5fbedc1 lib/krb5_wrap: request enc_types in the correct order (bug #9272)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 8ba1bdfe5ee784c6652c329760a8226e9da4a8a8
Author: Andreas Schneider <asn at samba.org>
Date: Fri Nov 9 15:33:09 2012 +0100
s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
Samba continues to query a broken DC while the DC did not finish to
rebuild Sysvol (after a Windows crash, for example). It causes end users
to received strange codes while trying to authenticate, even if there is
a secondary DC available.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
(cherry picked from commit 3b01dd5f59841b11e9906b8c23345946e0d0ea8c)
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 52 +++++++++++++++++++++++++++++---------
1 files changed, 39 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 619b632..a966202 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1152,6 +1152,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
struct netr_SamInfo3 **info3)
{
int attempts = 0;
+ int netr_attempts = 0;
bool retry = false;
NTSTATUS result;
@@ -1166,22 +1167,47 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
result = cm_connect_netlogon(domain, &netlogon_pipe);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
- nt_errstr(result)));
- if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
- if (attempts > 0) {
- DEBUG(3, ("This is the second problem for this "
- "particular call, forcing the close of "
- "this connection\n"));
- invalidate_cm_connection(&domain->conn);
- } else {
- DEBUG(3, ("First call to cm_connect_netlogon "
- "has timed out, retrying\n"));
- continue;
- }
+ DEBUG(3,("Could not open handle to NETLOGON pipe "
+ "(error: %s, attempts: %d)\n",
+ nt_errstr(result), netr_attempts));
+
+ /* After the first retry always close the connection */
+ if (netr_attempts > 0) {
+ DEBUG(3, ("This is again a problem for this "
+ "particular call, forcing the close "
+ "of this connection\n"));
+ invalidate_cm_connection(&domain->conn);
+ }
+
+ /* After the second retry failover to the next DC */
+ if (netr_attempts > 1) {
+ /*
+ * If the netlogon server is not reachable then
+ * it is possible that the DC is rebuilding
+ * sysvol and shutdown netlogon for that time.
+ * We should failover to the next dc.
+ */
+ DEBUG(3, ("This is the third problem for this "
+ "particular call, adding DC to the "
+ "negative cache list\n"));
+ add_failed_connection_entry(domain->name,
+ domain->dcname,
+ result);
+ saf_delete(domain->name);
+ }
+
+ /* Only allow 3 retries */
+ if (netr_attempts < 3) {
+ DEBUG(3, ("The connection to netlogon "
+ "failed, retrying\n"));
+ netr_attempts++;
+ retry = true;
+ continue;
}
return result;
}
+ netr_attempts = 0;
+
auth = netlogon_pipe->auth;
if (netlogon_pipe->dc) {
neg_flags = netlogon_pipe->dc->negotiate_flags;
--
Samba Shared Repository
More information about the samba-cvs
mailing list