[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Tue Nov 13 01:47:08 MST 2012


The branch, v3-6-test has been updated
       via  8ba1bdf s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
      from  5fbedc1 lib/krb5_wrap: request enc_types in the correct order (bug #9272)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 8ba1bdfe5ee784c6652c329760a8226e9da4a8a8
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Nov 9 15:33:09 2012 +0100

    s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
    
    Samba continues to query a broken DC while the DC did not finish to
    rebuild Sysvol (after a Windows crash, for example). It causes end users
    to received strange codes while trying to authenticate, even if there is
    a secondary DC available.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
    (cherry picked from commit 3b01dd5f59841b11e9906b8c23345946e0d0ea8c)

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_pam.c |   52 +++++++++++++++++++++++++++++---------
 1 files changed, 39 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 619b632..a966202 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1152,6 +1152,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 					    struct netr_SamInfo3 **info3)
 {
 	int attempts = 0;
+	int netr_attempts = 0;
 	bool retry = false;
 	NTSTATUS result;
 
@@ -1166,22 +1167,47 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 		result = cm_connect_netlogon(domain, &netlogon_pipe);
 
 		if (!NT_STATUS_IS_OK(result)) {
-			DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
-				  nt_errstr(result)));
-			if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
-				if (attempts > 0) {
-					DEBUG(3, ("This is the second problem for this "
-						"particular call, forcing the close of "
-						"this connection\n"));
-					invalidate_cm_connection(&domain->conn);
-				} else {
-					DEBUG(3, ("First call to cm_connect_netlogon "
-						"has timed out, retrying\n"));
-					continue;
-				}
+			DEBUG(3,("Could not open handle to NETLOGON pipe "
+				 "(error: %s, attempts: %d)\n",
+				  nt_errstr(result), netr_attempts));
+
+			/* After the first retry always close the connection */
+			if (netr_attempts > 0) {
+				DEBUG(3, ("This is again a problem for this "
+					  "particular call, forcing the close "
+					  "of this connection\n"));
+				invalidate_cm_connection(&domain->conn);
+			}
+
+			/* After the second retry failover to the next DC */
+			if (netr_attempts > 1) {
+				/*
+				 * If the netlogon server is not reachable then
+				 * it is possible that the DC is rebuilding
+				 * sysvol and shutdown netlogon for that time.
+				 * We should failover to the next dc.
+				 */
+				DEBUG(3, ("This is the third problem for this "
+					  "particular call, adding DC to the "
+					  "negative cache list\n"));
+				add_failed_connection_entry(domain->name,
+							    domain->dcname,
+							    result);
+				saf_delete(domain->name);
+			}
+
+			/* Only allow 3 retries */
+			if (netr_attempts < 3) {
+				DEBUG(3, ("The connection to netlogon "
+					  "failed, retrying\n"));
+				netr_attempts++;
+				retry = true;
+				continue;
 			}
 			return result;
 		}
+		netr_attempts = 0;
+
 		auth = netlogon_pipe->auth;
 		if (netlogon_pipe->dc) {
 			neg_flags = netlogon_pipe->dc->negotiate_flags;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list