From: Günther Deschner Date: Fri, 16 Feb 2007 13:30:19 +0000 (+0000) Subject: r21382: Important fix for winbind when using non-AD domains. X-Git-Tag: initial-v3-0-unstable~1110 X-Git-Url: http://git.samba.org/samba.git/?p=tprouty%2Fsamba.git;a=commitdiff_plain;h=c6f63a08f55a4121cbe5aac537d2ef983dc25a97 r21382: Important fix for winbind when using non-AD domains. Jeremy, I'm afraid you removed the "domain->initialized" from the set_dc_types_and_flags() call when the connect to PI_LSARPC_DS failed (with rev. 19148). This causes now that init_dc_connection_network is called again and again which in turn rescans the DC each time (which of course fails each time with NT_STATUS_BUFFER_TOO_SMALL). Just continue with the non-PI_LSARPC_DS scan so that the domain is initialized properly. Guenther --- diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c index e1434ef32b..ccf6b20a9f 100644 --- a/source/nsswitch/winbindd_cm.c +++ b/source/nsswitch/winbindd_cm.c @@ -1539,7 +1539,12 @@ static void set_dc_type_and_flags( struct winbindd_domain *domain ) DEBUG(5, ("set_dc_type_and_flags: Could not bind to " "PI_LSARPC_DS on domain %s: (%s)\n", domain->name, nt_errstr(result))); - return; + + /* if this is just a non-AD domain we need to continue + * identifying so that we can in the end return with + * domain->initialized = True - gd */ + + goto no_lsarpc_ds; } result = rpccli_ds_getprimarydominfo(cli, cli->cli->mem_ctx, @@ -1561,6 +1566,7 @@ static void set_dc_type_and_flags( struct winbindd_domain *domain ) domain->native_mode = False; } +no_lsarpc_ds: cli = cli_rpc_pipe_open_noauth(domain->conn.cli, PI_LSARPC, &result); if (cli == NULL) { diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c index 547f300f3a..61f5ee51bd 100644 --- a/source/rpc_client/cli_pipe.c +++ b/source/rpc_client/cli_pipe.c @@ -2261,7 +2261,13 @@ struct rpc_pipe_client *cli_rpc_pipe_open_noauth(struct cli_state *cli, int pipe *perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_NONE, PIPE_AUTH_LEVEL_NONE); if (!NT_STATUS_IS_OK(*perr)) { - DEBUG(0, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe %s failed with error %s\n", + int lvl = 0; + if (pipe_idx == PI_LSARPC_DS) { + /* non AD domains just don't have this pipe, avoid + * level 0 statement in that case - gd */ + lvl = 3; + } + DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe %s failed with error %s\n", cli_get_pipe_name(pipe_idx), nt_errstr(*perr) )); cli_rpc_pipe_close(result); return NULL;