Fix up 'net ads join' to delete and rejoin if the account already exists.

This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.

Andrew Bartlett

diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index c616f09b6e578e3140361bc5791b28b5039686ec..2e93e11603a61bcd15c1b1edb492a9841965e1bd 100644 (file)
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -321,8 +321,13 @@ ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *hostname, const char *org
 
        status = ads_find_machine_acct(ads, (void **)&res, host);
        if (ADS_ERR_OK(status) && ads_count_replies(ads, res) == 1) {
-               DEBUG(0, ("Host account for %s already exists\n", host));
-               return ADS_SUCCESS;
+               DEBUG(0, ("Host account for %s already exists - deleting for readd\n", host));
+               status = ads_leave_realm(ads, host);
+               if (!ADS_ERR_OK(status)) {
+                       DEBUG(0, ("Failed to delete host '%s' from the '%s' realm.\n", 
+                                 host, ads->realm));
+                       return status;
+               }
        }
 
        status = ads_add_machine_acct(ads, host, org_unit);

diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index a3b22485cf7e744a7fde6d9effb40996ef91caab..7649a88ffdd56778ccb7583778f2b387baf2252f 100644 (file)
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -1257,7 +1257,7 @@ again:
        if (!cli_negprot(cli))
        {
                DEBUG(1,("failed negprot\n"));
-               nt_status = cli_nt_error(cli);
+               nt_status = NT_STATUS_UNSUCCESSFUL;
                cli_shutdown(cli);
                return nt_status;
        }