The branch, v3-6-test has been updated
via 8ba1bdf s3:winbind: BUG 9386: Failover if netlogon pipe is not
available.
from 5fbedc1 lib/krb5_wrap: request enc_types in the correct order (bug
#9272)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 8ba1bdfe5ee784c6652c329760a8226e9da4a8a8
Author: Andreas Schneider <[email protected]>
Date: Fri Nov 9 15:33:09 2012 +0100
s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
Samba continues to query a broken DC while the DC did not finish to
rebuild Sysvol (after a Windows crash, for example). It causes end users
to received strange codes while trying to authenticate, even if there is
a secondary DC available.
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Autobuild-User(master): Stefan Metzmacher <[email protected]>
Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
(cherry picked from commit 3b01dd5f59841b11e9906b8c23345946e0d0ea8c)
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 52 +++++++++++++++++++++++++++++---------
1 files changed, 39 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 619b632..a966202 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1152,6 +1152,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
winbindd_domain *domain,
struct netr_SamInfo3 **info3)
{
int attempts = 0;
+ int netr_attempts = 0;
bool retry = false;
NTSTATUS result;
@@ -1166,22 +1167,47 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
winbindd_domain *domain,
result = cm_connect_netlogon(domain, &netlogon_pipe);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("could not open handle to NETLOGON pipe
(error: %s)\n",
- nt_errstr(result)));
- if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
- if (attempts > 0) {
- DEBUG(3, ("This is the second problem
for this "
- "particular call, forcing the
close of "
- "this connection\n"));
- invalidate_cm_connection(&domain->conn);
- } else {
- DEBUG(3, ("First call to
cm_connect_netlogon "
- "has timed out, retrying\n"));
- continue;
- }
+ DEBUG(3,("Could not open handle to NETLOGON pipe "
+ "(error: %s, attempts: %d)\n",
+ nt_errstr(result), netr_attempts));
+
+ /* After the first retry always close the connection */
+ if (netr_attempts > 0) {
+ DEBUG(3, ("This is again a problem for this "
+ "particular call, forcing the close "
+ "of this connection\n"));
+ invalidate_cm_connection(&domain->conn);
+ }
+
+ /* After the second retry failover to the next DC */
+ if (netr_attempts > 1) {
+ /*
+ * If the netlogon server is not reachable then
+ * it is possible that the DC is rebuilding
+ * sysvol and shutdown netlogon for that time.
+ * We should failover to the next dc.
+ */
+ DEBUG(3, ("This is the third problem for this "
+ "particular call, adding DC to the "
+ "negative cache list\n"));
+ add_failed_connection_entry(domain->name,
+ domain->dcname,
+ result);
+ saf_delete(domain->name);
+ }
+
+ /* Only allow 3 retries */
+ if (netr_attempts < 3) {
+ DEBUG(3, ("The connection to netlogon "
+ "failed, retrying\n"));
+ netr_attempts++;
+ retry = true;
+ continue;
}
return result;
}
+ netr_attempts = 0;
+
auth = netlogon_pipe->auth;
if (netlogon_pipe->dc) {
neg_flags = netlogon_pipe->dc->negotiate_flags;
--
Samba Shared Repository
