s3: Always try SamLogonEx

Required for cluster systems working in a Samba domain. With NT4 this won't
work, but real NT4 DCs should not be around in environments that pay big bucks
for a cluster... And if they are, they can always install a Samba DC trusting
that NT4 domain.

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 95e1daf0b7183041f07c396b9bfcecb0a30aec88..e310d426a28ee01a53e897a4715e0dcf73bfd3b1 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2471,9 +2471,13 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
        }
 
        /*
-        * Try NetSamLogonEx for AD domains
+        * Always try netr_LogonSamLogonEx. We will fall back for NT4
+        * which gives DCERPC_FAULT_OP_RNG_ERROR (function not
+        * supported). We used to only try SamLogonEx for AD, but
+        * Samba DCs can also do it. And because we don't distinguish
+        * between Samba and NT4, always try it once.
         */
-       domain->can_do_samlogon_ex = domain->active_directory;
+       domain->can_do_samlogon_ex = true;
 
        *cli = conn->netlogon_pipe;
        return NT_STATUS_OK;