s3-auth: Add MIT return code for KDC not reachable
authorAndreas Schneider <asn@samba.org>
Tue, 5 May 2015 14:53:24 +0000 (16:53 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 30 Jul 2015 08:24:26 +0000 (10:24 +0200)
This fixes authentication with local credentials against its own server
using netbios domain name.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
source4/auth/gensec/gensec_gssapi.c

index a12447a9c35bb9eb59e28f47d10f9fd0c8b8a458..ed6d08aeef84603ee372243a3ea624861f6a941a 100644 (file)
@@ -276,6 +276,7 @@ static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_securi
        case KRB5KDC_ERR_CLIENT_REVOKED:
                DEBUG(1, ("Account locked out: %s\n", error_string));
                return NT_STATUS_ACCOUNT_LOCKED_OUT;
+       case KRB5_REALM_UNKNOWN:
        case KRB5_KDC_UNREACH:
                DEBUG(3, ("Cannot reach a KDC we require to contact %s : %s\n", gensec_gssapi_state->target_principal, error_string));
                return NT_STATUS_NO_LOGON_SERVERS;
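Review bot: The added `case KRB5_REALM_UNKNOWN:` label falls through to the KDC-unreachable branch with no comment, so a realm that is unknown or mistyped is logged and reported exactly like a network outage. If callers treat `NT_STATUS_NO_LOGON_SERVERS` as a cue to try another mechanism (not visible in this hunk), Kerberos would be skipped with only a level-3 message; it is worth confirming that this is intended for every unknown realm and not only for the local NetBIOS-name case in the description. I would document the mapping above the label, e.g. `/* MIT krb5 reports an unresolvable realm (such as a NetBIOS domain name) as KRB5_REALM_UNKNOWN; treat it like an unreachable KDC */`, and consider wording the `DEBUG` text so the two causes can be told apart in logs. The switch and the rest of `gensec_gssapi_client_creds` start and end outside the hunk.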