From: Stefan Metzmacher Date: Thu, 23 Feb 2017 10:54:21 +0000 (+0100) Subject: s3:winbindd: add more debugging to cm_prepare_connection() X-Git-Tag: samba-4.4.10~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c07f071e86067a90ec36643287470c7ec8cc0fda;p=thirdparty%2Fsamba.git s3:winbindd: add more debugging to cm_prepare_connection() Any fallbacks to other authentication methods should be logged. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598 Signed-off-by: Stefan Metzmacher (similar to commit ba9d139ec3d71af184a24daf24356304c2e49144) --- diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 6669dc2e4e0..f8e4607a845 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1135,8 +1135,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto session_setup_done; } - DEBUG(4,("failed kerberos session setup with %s\n", - nt_errstr(result))); + DEBUG(1, ("Failed to use kerberos connecting to %s from %s " + "with kerberos principal [%s]\n", + controller, lp_netbios_name(), + machine_krb5_principal)); } if (krb5_state != CRED_MUST_USE_KERBEROS) { @@ -1154,10 +1156,15 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, machine_password, strlen(machine_password)+1, machine_domain); - } - if (NT_STATUS_IS_OK(result)) { - goto session_setup_done; + if (NT_STATUS_IS_OK(result)) { + goto session_setup_done; + } + + DEBUG(1, ("Failed to use NTLMSSP connecting to %s from %s " + "with username [%s]\\[%s]\n", + controller, lp_netbios_name(), + machine_domain, machine_account)); } /* @@ -1182,8 +1189,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto anon_fallback; } - DEBUG(4, ("authenticated session setup failed with %s\n", - nt_errstr(result))); + DEBUG(1, ("authenticated session setup to %s using %s failed with %s\n", + controller, + cli_credentials_get_unparsed_name(creds, talloc_tos()), + nt_errstr(result))); goto done; @@ -1222,6 +1231,11 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto session_setup_done; } + DEBUG(1, ("Failed to use NTLMSSP connecting to %s from %s " + "with username " + "[%s]\\[%s]\n", controller, lp_netbios_name(), + machine_domain, machine_account)); + /* * If we are not going to validiate the conneciton * with SMB signing, then allow us to fall back to @@ -1236,8 +1250,10 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto anon_fallback; } - DEBUG(4, ("authenticated session setup failed with %s\n", - nt_errstr(result))); + DEBUG(1, ("authenticated session setup to %s using %s failed with %s\n", + controller, + cli_credentials_get_unparsed_name(creds, talloc_tos()), + nt_errstr(result))); goto done; @@ -1249,7 +1265,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, } /* Fall back to anonymous connection, this might fail later */ - DEBUG(10,("cm_prepare_connection: falling back to anonymous " + DEBUG(5,("cm_prepare_connection: falling back to anonymous " "connection for DC %s\n", controller )); @@ -1261,6 +1277,9 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, goto session_setup_done; } + DEBUG(1, ("anonymous session setup to %s failed with %s\n", + controller, nt_errstr(result))); + /* We can't session setup */ goto done; @@ -1306,6 +1325,8 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, } if (!NT_STATUS_IS_OK(result)) { + DEBUG(1, ("Failed to prepare SMB connection to %s: %s\n", + controller, nt_errstr(result))); winbind_add_failed_connection_entry(domain, controller, result); if ((*cli) != NULL) { cli_shutdown(*cli);