summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/winbindd_misc.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index 163837d1c3..9520fc218b 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -70,12 +70,15 @@ enum winbindd_result winbindd_check_machine_acct(
int count;
uint16 validation_level;
fstring controller, trust_account;
+ int num_retries = 0;
DEBUG(3, ("[%5d]: check machine account\n", state->pid));
/* Get trust account password */
- if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) {
+ again:
+ if (!_get_trust_account_password(lp_workgroup(), trust_passwd,
+ NULL)) {
result = NT_STATUS_INTERNAL_ERROR;
goto done;
}
@@ -104,6 +107,19 @@ enum winbindd_result winbindd_check_machine_acct(
SEC_CHAN_WKSTA, &validation_level);
#endif
+ /* There is a race condition between fetching the trust account
+ password and joining the domain so it's possible that the trust
+ account password has been changed on us. We are returned
+ NT_STATUS_ACCESS_DENIED if this happens. */
+
+#define MAX_RETRIES 8
+
+ if ((num_retries < MAX_RETRIES) &&
+ result == NT_STATUS_ACCESS_DENIED) {
+ num_retries++;
+ goto again;
+ }
+
/* Pass back result code - zero for success, other values for
specific failures. */