libads: Decide to have no fallback option
authorGarming Sam <garming@catalyst.net.nz>
Tue, 4 Apr 2017 00:42:17 +0000 (12:42 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 30 May 2017 06:06:06 +0000 (08:06 +0200)
Before this change, it could always end up choosing another server at
random, despite later using the original principal when it got back to
the connection initialization in the winbind connection manager.
This caused bizarre authentication failures.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/include/ads.h
source3/libads/ldap.c
source3/winbindd/winbindd_cm.c

index 2b25c1c6c291554b6fa3965d478301f241ef0b46..ebc5728f3a4fccbe769271f55f7dff44a1dc2f86 100644 (file)
@@ -64,6 +64,7 @@ typedef struct ads_struct {
                char *workgroup;
                char *ldap_server;
                bool gc;     /* Is this a global catalog server? */
+               bool no_fallback; /* Bail if the ldap_server is not available */
        } server;
 
        /* info needed to authenticate */
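Review bot: The comment on `no_fallback` says "Bail" but not who bails or what the alternative is, so a reader of the struct cannot tell how the flag interacts with `ldap_server`. A wording tied to the behaviour in ads_connect() would be clearer: `bool no_fallback; /* If ldap_server cannot be contacted, fail ads_connect() instead of looking for another DC */`. This matters to callers that later authenticate with a principal built for one specific server, which is the failure the commit message describes.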
index b2c57480f1e231366987b5a7204968289deaa6a8..c18837cc524d3097f83b20a33e167078288e7ca5 100644 (file)
@@ -613,6 +613,11 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
                if (ads->server.gc == true) {
                        return ADS_ERROR(LDAP_OPERATIONS_ERROR);
                }
+
+               if (ads->server.no_fallback) {
+                       status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
+                       goto out;
+               }
        }
 
        ntstatus = ads_find_dc(ads);
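Review bot: The new bail-out under `if (ads->server.no_fallback)` leaves no trace in the logs, and NT_STATUS_NOT_FOUND alone does not tell an operator whether the pinned server was unreachable or the domain has no DC. A debug line before the `goto out` would make these failures diagnosable, e.g. `DEBUG(3, ("ads_connect: %s unavailable and no_fallback is set\n", ads->server.ldap_server));`, assuming the enclosing block is only entered when ldap_server is set. The gc case just above returns directly while this one jumps to `out`. The enclosing block and the `out` label are outside the hunk, so it is worth confirming that the two exits are meant to differ.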
index ce149b294e20479e476c56590415972c68950071..7566a301b7c93dfba67cbebf5f5ab5e063ae00a8 100644 (file)
@@ -1370,6 +1370,7 @@ static bool dcip_check_name(TALLOC_CTX *mem_ctx,
                ads = ads_init(domain->alt_name, domain->name, addr);
                ads->auth.flags |= ADS_AUTH_NO_BIND;
                ads->config.flags |= request_flags;
+               ads->server.no_fallback = true;
 
                ads_status = ads_connect(ads);
                if (ADS_ERR_OK(ads_status)) {
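Review bot: The assignment `ads->server.no_fallback = true;` carries no comment explaining why this caller must pin the server. dcip_check_name passes a specific `addr` to ads_init(), so a silent switch to another DC inside ads_connect() would return information that does not belong to that address. Per the commit message, this is what led to the later principal mismatch. I would add `/* We are checking this exact address: never let ads_connect() pick another DC */` above the assignment. The function body starts and ends outside the hunk.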