r9261: Fix #2976: windows member servers wouldn't alloc connections from users

defined locally because if we didn't find them as a DC we were marking
the response as authoritative.  Now if it's not a domain we know, we
mark the response non-authoritative.

Fix from jpjanosi@us.ibm.com
(This used to be commit d522277b86ff728f6f2b9feb2f8e3fa38c43d162)

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 388d649c3c161d8a84c12c9e2c074848f6fe4673..78ff669d0750f4a5ae2def4defdee7e1ffbf48bf 100644 (file)
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -716,6 +716,15 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
        /* Check account and password */
     
        if (!NT_STATUS_IS_OK(status)) {
+               /* If we don't know what this domain is, we need to 
+                  indicate that we are not authoritative.  This 
+                  allows the client to decide if it needs to try 
+                  a local user.  Fix by jpjanosi@us.ibm.com, #2976 */
+                if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) 
+                    && !strequal(nt_domain, get_global_sam_name())
+                    && !is_trusted_domain(nt_domain) )
+                       r_u->auth_resp = 0; /* We are not authoritative */
+
                free_server_info(&server_info);
                return status;
        }