From: Garming Sam Date: Tue, 4 Apr 2017 00:42:17 +0000 (+1200) Subject: libads: Decide to have no fallback option X-Git-Tag: ldb-1.1.30~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=deec2af7d2d0beb612bc9f35cca66cc825b9816d;p=thirdparty%2Fsamba.git libads: Decide to have no fallback option Before this change, it would always possibly choose another server at random despite later using the original principal when it got back to the connection initialization in the the winbind connection manager. This caused bizarre authentication failures. Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett --- diff --git a/source3/include/ads.h b/source3/include/ads.h index 2b25c1c6c29..ebc5728f3a4 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -64,6 +64,7 @@ typedef struct ads_struct { char *workgroup; char *ldap_server; bool gc; /* Is this a global catalog server? */ + bool no_fallback; /* Bail if the ldap_server is not available */ } server; /* info needed to authenticate */ diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index b2c57480f1e..c18837cc524 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -613,6 +613,11 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) if (ads->server.gc == true) { return ADS_ERROR(LDAP_OPERATIONS_ERROR); } + + if (ads->server.no_fallback) { + status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND); + goto out; + } } ntstatus = ads_find_dc(ads); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index ce149b294e2..7566a301b7c 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1370,6 +1370,7 @@ static bool dcip_check_name(TALLOC_CTX *mem_ctx, ads = ads_init(domain->alt_name, domain->name, addr); ads->auth.flags |= ADS_AUTH_NO_BIND; ads->config.flags |= request_flags; + ads->server.no_fallback = true; ads_status = ads_connect(ads); if (ADS_ERR_OK(ads_status)) {