-rw-r--r-- | selftest/knownfail | 1 | ||||
-rw-r--r-- | source4/auth/ntlm/auth_sam.c | 6 |
2 files changed, 5 insertions, 2 deletions
diff --git a/selftest/knownfail b/selftest/knownfail
index 76578c9517a..c6047c85445 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -335,4 +335,3 @@
 # We currently don't send referrals for LDAP modify of non-replicated attrs
 ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
 ^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_kerberos
-^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_ntlm
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index cfe7455501b..0b175b5ecc7 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -174,6 +174,7 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
 struct ldb_message *dom_msg;
 struct samr_Password *lm_pwd;
 struct samr_Password *nt_pwd;
+ bool am_rodc;
 
 tmp_ctx = talloc_new(mem_ctx);
 if (tmp_ctx == NULL) {
@@ -196,7 +197,6 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
 }
 
 if (lm_pwd == NULL && nt_pwd == NULL) {
- bool am_rodc;
 if (samdb_rodc(auth_context->sam_ctx, &am_rodc) == LDB_SUCCESS && am_rodc) {
 /*
 * we don't have passwords for this
@@ -458,6 +458,10 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
 nt_errstr(nt_status)));
 }
 
+ if (samdb_rodc(auth_context->sam_ctx, &am_rodc) == LDB_SUCCESS && am_rodc) {
+ *authoritative = false;
+ }
+
 TALLOC_FREE(tmp_ctx);
 return NT_STATUS_WRONG_PASSWORD;
 }
|
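Review bot: In the last auth_sam.c hunk (-458,6 +458,10) a failing samdb_rodc() is handled the same way as "not an RODC", so the NT_STATUS_WRONG_PASSWORD result stays authoritative whenever that lookup errors out; on an RODC this would presumably turn a stale locally held password into a final rejection instead of letting the caller re-check against a writable DC. Since the same call already appears in the `lm_pwd == NULL && nt_pwd == NULL` branch, consider evaluating it once after tmp_ctx is set up and logging the failure case, so both sites share one result and a lookup error is visible in the logs. The new block also has no comment; something like `/* An RODC may hold an out-of-date password: leave the final verdict to a RWDC. */` would record why the verdict is downgraded. The lines just above the addition, outside this hunk, appear to handle the bad-password bookkeeping, so it is worth confirming that a forwarded re-check cannot count the same failed attempt twice toward lockout. The function starts outside the hunk, so the declaration and origin of `authoritative` cannot be checked from here.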