r6154: fix winbindd <-> Windows 2003 sp1 issue.

Can't do LsaOpenPolicy() over schannel anymore.
This is an interesting find as it could imply that there are
other changes we haven't seen yet in sp1.

Volker, You might want to look at this for trunk.
(This used to be commit 82e3a9d9b526522376ea967c66c67b02f2c68dd8)

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index dc2d6cfc6f63638d1da84c3a5d916b771e7c167a..e6a7df19775ae026cf48f1079971a8a143c2bb18 100644 (file)
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -376,7 +376,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
        got_mutex = False;
        *retry = False;
 
-       if (domain->primary || IS_DC) {
+       /* Windows 2003 SP1 does not lie LsaOpenPolicy() over schannel.
+          Returns RPC_NT_CANNOT_SUPPPORT (0xc0020041) for that call.
+          So just drop it on the lsarpc pipe */
+
+       if ( (domain->primary || IS_DC) && (pipe_index!=PI_LSARPC) ) {
                NTSTATUS status = setup_schannel( *cli, domain->name );
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(3,("schannel refused - continuing without "