From c5b79122d9ea3945df721cb364249c5c33f35b19 Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Wed, 25 May 2011 10:49:41 -0400
Subject: [PATCH] s3-winbind: BUG 8166 - Don't lockout users when offline.

Windows does not track bad password attempts when offline.  We were locking users out but not honoring the lockout duration.

Autobuild-User: Jim McDonough <jmcd@samba.org>
Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
(cherry picked from commit b58534f1fca27e3e72f4f4107538ec05734bd42a)
---
 source3/winbindd/winbindd_pam.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 412ec8370a5..6b874821f6c 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -993,7 +993,10 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 
 	}
 
-	/* User does *NOT* know the correct password, modify info3 accordingly */
+	/* User does *NOT* know the correct password, modify info3 accordingly, but only if online */
+	if (domain->online == false) {
+		goto failed;
+	}
 
 	/* failure of this is not critical */
 	result = get_max_bad_attempts_from_lockout_policy(domain, state->mem_ctx, &max_allowed_bad_attempts);
-- 
2.34.1