From: Volker Lendecke <vl@samba.org>
Date: Tue, 24 Nov 2009 15:51:30 +0000 (+0100)
Subject: s3: Always try SamLogonEx
X-Git-Tag: samba-4.0.0alpha9~201
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=de63a5ad91eabb22c58338779ddb4bc16ab647ac;p=thirdparty%2Fsamba.git

s3: Always try SamLogonEx

Required for cluster systems working in a Samba domain. With NT4 this won't
work, but real NT4 DCs should not be around in environments that pay big bucks
for a cluster... And if they are, they can always install a Samba DC trusting
that NT4 domain.
---

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 95e1daf0b71..e310d426a28 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2471,9 +2471,13 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 	}
 
 	/*
-	 * Try NetSamLogonEx for AD domains
+	 * Always try netr_LogonSamLogonEx. We will fall back for NT4
+	 * which gives DCERPC_FAULT_OP_RNG_ERROR (function not
+	 * supported). We used to only try SamLogonEx for AD, but
+	 * Samba DCs can also do it. And because we don't distinguish
+	 * between Samba and NT4, always try it once.
 	 */
-	domain->can_do_samlogon_ex = domain->active_directory;
+	domain->can_do_samlogon_ex = true;
 
 	*cli = conn->netlogon_pipe;
 	return NT_STATUS_OK;