diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-12-08 23:25:40 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-01-09 15:55:39 +0100 |
commit | cfad63624ceffc2daa63e16411f6d64309ffc76e (patch) | |
tree | 75d4fb677556160171ac1b2490f90a88c36e497b | |
parent | 2181925b13c481b2923dec1035fdea03598ab855 (diff) | |
download | samba-cfad63624ceffc2daa63e16411f6d64309ffc76e.tar.gz |
s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Dec 20 12:15:09 CET 2018 on sn-devel-144
(cherry picked from commit 63dc60767eb13d8fc09ed4bc44faa538581b18f1)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Wed Jan 9 15:55:39 CET 2019 on sn-devel-144
-rw-r--r-- | source3/auth/auth_winbind.c | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 0f5d684ff18..93b832265cf 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -22,6 +22,7 @@ #include "includes.h" #include "auth.h" +#include "passdb.h" #include "nsswitch/libwbclient/wbclient.h" #undef DBGC_CLASS @@ -110,7 +111,37 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, } if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) { - return NT_STATUS_NO_LOGON_SERVERS; + struct pdb_trusted_domain **domains = NULL; + uint32_t num_domains = 0; + NTSTATUS status; + + if (lp_server_role() == ROLE_DOMAIN_MEMBER) { + status = NT_STATUS_NO_LOGON_SERVERS; + DBG_ERR("winbindd not running - " + "but required as domain member: %s\n", + nt_errstr(status)); + return status; + } + + status = pdb_enum_trusted_domains(talloc_tos(), &num_domains, &domains); + if (!NT_STATUS_IS_OK(status)) { + DBG_ERR("pdb_enum_trusted_domains() failed - %s\n", + nt_errstr(status)); + return status; + } + TALLOC_FREE(domains); + + if (num_domains == 0) { + DBG_DEBUG("winbindd not running - ignoring without " + "trusted domains\n"); + return NT_STATUS_NOT_IMPLEMENTED; + } + + status = NT_STATUS_NO_LOGON_SERVERS; + DBG_ERR("winbindd not running - " + "but required as DC with trusts: %s\n", + nt_errstr(status)); + return status; } if (wbc_status == WBC_ERR_AUTH_ERROR) { |