r18015: Try and detect network failures immediately in

set_dc_type_and_flags().
Fix problem when DC is down in ads_connect, where
we fall back to NetBIOS and try exactly the same
IP addresses we just put in the negative connection
cache.... We can never succeed, so don't try lookups
a second time.
Jeremy.
(This used to be commit 2d28f3e94a1a87bc9e9ed6630ef48b1ce17022e8)

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index b23bc277e8f0535747ed927303d18ea4ae2feb2d..a02f9543606ab380b6d34c3cdfd9f2bf09a4c79a 100644 (file)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -286,6 +286,26 @@ again:
                
                if ( !NT_STATUS_IS_OK(check_negative_conn_cache(realm, server)) )
                        continue;
+
+               if (!got_realm) {
+                       /* realm in this case is a workgroup name. We need
+                          to ignore any IP addresses in the negative connection
+                          cache that match ip addresses returned in the ad realm
+                          case. It sucks that I have to reproduce the logic above... */
+                       c_realm = ads->server.realm;
+                       if ( !c_realm || !*c_realm ) {
+                               if ( !ads->server.workgroup || !*ads->server.workgroup ) {
+                                       c_realm = lp_realm();
+                               }
+                       }
+                       if (c_realm && *c_realm &&
+                                       !NT_STATUS_IS_OK(check_negative_conn_cache(c_realm, server))) {
+                               /* Ensure we add the workgroup name for this
+                                  IP address as negative too. */
+                               add_failed_connection_entry( realm, server, NT_STATUS_UNSUCCESSFUL );
+                               continue;
+                       }
+               }
                        
                if ( ads_try_connect(ads, server) ) {
                        SAFE_FREE(ip_list);

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index b6a3b3ac054f24c5d76dbc65be59ca565ab4fb25..ce4e3cae18c579fd6e756dd0ce2500387af633ac 100644 (file)
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -594,7 +594,7 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
        /* For active directory servers, try to get the ldap server name.
           None of these failures should be considered critical for now */
 
-       if ( lp_security() == SEC_ADS ) {
+       if (lp_security() == SEC_ADS) {
                ADS_STRUCT *ads;
 
                ads = ads_init(realm, domainname, NULL);
@@ -976,10 +976,11 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
        TALLOC_CTX              *mem_ctx = NULL;
        struct rpc_pipe_client  *cli;
        POLICY_HND pol;
-       
+
        char *domain_name = NULL;
        char *dns_name = NULL;
        DOM_SID *dom_sid = NULL;
+       int try_count = 0;
 
        ZERO_STRUCT( ctr );
        
@@ -991,8 +992,10 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
                return;
        }
 
+  try_again:
+
        result = init_dc_connection(domain);
-       if (!NT_STATUS_IS_OK(result)) {
+       if (!NT_STATUS_IS_OK(result) || try_count > 2) {
                DEBUG(5, ("set_dc_type_and_flags: Could not open a connection "
                          "to %s: (%s)\n", domain->name, nt_errstr(result)));
                domain->initialized = True;
@@ -1007,7 +1010,9 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
                          "PI_LSARPC_DS on domain %s: (%s)\n",
                          domain->name, nt_errstr(result)));
                domain->initialized = True;
-               return;
+               /* We want to detect network failures asap to try another dc. */
+               try_count++;
+               goto try_again;
        }
 
        result = rpccli_ds_getprimarydominfo(cli, cli->cli->mem_ctx,
@@ -1028,7 +1033,9 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
 
        if (cli == NULL) {
                domain->initialized = True;
-               return;
+               /* We want to detect network failures asap to try another dc. */
+               try_count++;
+               goto try_again;
        }
 
        mem_ctx = talloc_init("set_dc_type_and_flags on domain %s\n",