Author: jerry
Date: 2007-03-01 14:44:25 +0000 (Thu, 01 Mar 2007)
New Revision: 21633

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21633

Log:
First real fix from me found during the bug hunt.

ads_cached_connection() does not call get_dc_name()
before ads_connect() and therefore does not set up
the environment to look at krb5.conf.DOMAIN file
before sending the TGT request.  The failure I'm seeing
occurs in a multi-DC domain where we get back preauth
failed after we just joined the domain.


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
   branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c   2007-03-01 14:34:06 UTC 
(rev 21632)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c   2007-03-01 14:44:25 UTC 
(rev 21633)
@@ -40,6 +40,8 @@
 {
        ADS_STRUCT *ads;
        ADS_STATUS status;
+       fstring dc_name;
+       struct in_addr dc_ip;   
 
        DEBUG(10,("ads_cached_connection\n"));
 
@@ -114,6 +116,12 @@
 
        ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
 
+       /* Setup the server affinity cache.  We don't reaally care
+          about the name.  Just setup affinity and the KRB5_CONFIG 
+          file. */
+
+       get_dc_name( "", ads->auth.realm, dc_name, &dc_ip );
+       
        status = ads_connect(ads);
        if (!ADS_ERR_OK(status) || !ads->config.realm) {
                DEBUG(1,("ads_connect for domain %s failed: %s\n", 
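
Review bot: the result of the new get_dc_name() call placed just before ads_connect(ads) is discarded, so if that function reports failure through its return value, the affinity cache and KRB5_CONFIG setup described in the comment silently did not happen and ads_connect() runs in the same state as before this change. I would check the result and emit a DEBUG message naming ads->auth.realm when the lookup fails, so that a later preauth failure in the logs can be tied back to the missing DC lookup.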

Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c
===================================================================
--- branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c        2007-03-01 
14:34:06 UTC (rev 21632)
+++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_ads.c        2007-03-01 
14:44:25 UTC (rev 21633)
@@ -40,6 +40,8 @@
 {
        ADS_STRUCT *ads;
        ADS_STATUS status;
+       fstring dc_name;
+       struct in_addr dc_ip;   
 
        DEBUG(10,("ads_cached_connection\n"));
 
@@ -114,6 +116,12 @@
 
        ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
 
+       /* Setup the server affinity cache.  We don't reaally care
+          about the name.  Just setup affinity and the KRB5_CONFIG 
+          file. */
+
+       get_dc_name( "", ads->auth.realm, dc_name, &dc_ip );
+       
        status = ads_connect(ads);
        if (!ADS_ERR_OK(status) || !ads->config.realm) {
                DEBUG(1,("ads_connect for domain %s failed: %s\n", 
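
Review bot: the comment above the get_dc_name() call should say why "" is passed as the first argument and state that dc_name and dc_ip are filled in only to be thrown away, since the call is made purely for its side effects; as written, a later reader could take the two locals for dead code and remove the call. While touching it, "reaally" is a typo, and the added line after the call contains only whitespace.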
