Confusing message when pass-through auth fails with ACCESS_DENIED
Richard Sharpe
realrichardsharpe at gmail.com
Fri Oct 9 15:43:43 UTC 2015
Hi folks,
I think that something like this error message is much better:
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1429,7 +1429,8 @@ static NTSTATUS
winbind_samlogon_retry_loop(struct winbindd_domain *domain,
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
DEBUG(3,("winbind_samlogon_retry_loop:
sam_logon returned "
- "ACCESS_DENIED. Maybe the trust account "
+ "ACCESS_DENIED. Maybe the DC does not allow"
+ " passthrough auth or the trust account "
"password was changed and we didn't know it. "
"Killing connections to domain %s\n",
domainname));
Any comments?
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list