Confusing message when pass-through auth fails with ACCESS_DENIED

Fri Oct 9 15:43:43 UTC 2015

Hi folks,

I think that something like this error message is much better:

--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1429,7 +1429,8 @@ static NTSTATUS
winbind_samlogon_retry_loop(struct winbindd_domain *domain,

                if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
                        DEBUG(3,("winbind_samlogon_retry_loop:
sam_logon returned "
-                                "ACCESS_DENIED.  Maybe the trust account "
+                                "ACCESS_DENIED.  Maybe the DC does not allow"
+                                " passthrough auth or the trust account "
                                "password was changed and we didn't know it. "
                                 "Killing connections to domain %s\n",
                                domainname));

Any comments?

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)

