From 82e3a9d9b526522376ea967c66c67b02f2c68dd8 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 31 Mar 2005 20:11:20 +0000
Subject: [PATCH] r6154: fix winbindd <-> Windows 2003 sp1 issue. Can't do
 LsaOpenPolicy() over schannel anymore. This is an interesting find as it
 could imply that there are other changes we haven't seen yet in sp1.

Volker, You might want to look at this for trunk.
---
 source/nsswitch/winbindd_cm.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c
index dc2d6cfc6f6..e6a7df19775 100644
--- a/source/nsswitch/winbindd_cm.c
+++ b/source/nsswitch/winbindd_cm.c
@@ -376,7 +376,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 	got_mutex = False;
 	*retry = False;
 
-	if (domain->primary || IS_DC) {
+	/* Windows 2003 SP1 does not lie LsaOpenPolicy() over schannel.
+	   Returns RPC_NT_CANNOT_SUPPPORT (0xc0020041) for that call.
+	   So just drop it on the lsarpc pipe */
+
+	if ( (domain->primary || IS_DC) && (pipe_index!=PI_LSARPC) ) {
 		NTSTATUS status = setup_schannel( *cli, domain->name );
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(3,("schannel refused - continuing without "
-- 
2.47.3