r21382: Important fix for winbind when using non-AD domains.

Jeremy, I'm afraid you removed the "domain->initialized" from the
set_dc_types_and_flags() call when the connect to PI_LSARPC_DS failed
(with rev. 19148).

This causes now that init_dc_connection_network is called again and
again which in turn rescans the DC each time (which of course fails each
time with NT_STATUS_BUFFER_TOO_SMALL). Just continue with the
non-PI_LSARPC_DS scan so that the domain is initialized properly.

Guenther

diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c
index e1434ef32bbbe9612feda6b54622517249ca79dc..ccf6b20a9f0006a56db8edd86778feab69ce14c9 100644 (file)
--- a/source/nsswitch/winbindd_cm.c
+++ b/source/nsswitch/winbindd_cm.c
@@ -1539,7 +1539,12 @@ static void set_dc_type_and_flags( struct winbindd_domain *domain )
                DEBUG(5, ("set_dc_type_and_flags: Could not bind to "
                          "PI_LSARPC_DS on domain %s: (%s)\n",
                          domain->name, nt_errstr(result)));
-               return;
+
+               /* if this is just a non-AD domain we need to continue
+                * identifying so that we can in the end return with
+                * domain->initialized = True - gd */
+
+               goto no_lsarpc_ds;
        }
 
        result = rpccli_ds_getprimarydominfo(cli, cli->cli->mem_ctx,
@@ -1561,6 +1566,7 @@ static void set_dc_type_and_flags( struct winbindd_domain *domain )
                domain->native_mode = False;
        }
 
+no_lsarpc_ds:
        cli = cli_rpc_pipe_open_noauth(domain->conn.cli, PI_LSARPC, &result);
 
        if (cli == NULL) {

diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 547f300f3aec8e803b690d1e5e76b41ea555173d..61f5ee51bd0acf4b08aeb042788eadf1644098b4 100644 (file)
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -2261,7 +2261,13 @@ struct rpc_pipe_client *cli_rpc_pipe_open_noauth(struct cli_state *cli, int pipe
 
        *perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_NONE, PIPE_AUTH_LEVEL_NONE);
        if (!NT_STATUS_IS_OK(*perr)) {
-               DEBUG(0, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe %s failed with error %s\n",
+               int lvl = 0;
+               if (pipe_idx == PI_LSARPC_DS) {
+                       /* non AD domains just don't have this pipe, avoid
+                        * level 0 statement in that case - gd */
+                       lvl = 3;
+               }
+               DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe %s failed with error %s\n",
                        cli_get_pipe_name(pipe_idx), nt_errstr(*perr) ));
                cli_rpc_pipe_close(result);
                return NULL;