summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libads/ldap.c20
-rw-r--r--source3/nsswitch/winbindd_cm.c17
2 files changed, 32 insertions, 5 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index b23bc277e8..a02f954360 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -286,6 +286,26 @@ again:
if ( !NT_STATUS_IS_OK(check_negative_conn_cache(realm, server)) )
continue;
+
+ if (!got_realm) {
+ /* realm in this case is a workgroup name. We need
+ to ignore any IP addresses in the negative connection
+ cache that match ip addresses returned in the ad realm
+ case. It sucks that I have to reproduce the logic above... */
+ c_realm = ads->server.realm;
+ if ( !c_realm || !*c_realm ) {
+ if ( !ads->server.workgroup || !*ads->server.workgroup ) {
+ c_realm = lp_realm();
+ }
+ }
+ if (c_realm && *c_realm &&
+ !NT_STATUS_IS_OK(check_negative_conn_cache(c_realm, server))) {
+ /* Ensure we add the workgroup name for this
+ IP address as negative too. */
+ add_failed_connection_entry( realm, server, NT_STATUS_UNSUCCESSFUL );
+ continue;
+ }
+ }
if ( ads_try_connect(ads, server) ) {
SAFE_FREE(ip_list);
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index b6a3b3ac05..ce4e3cae18 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -594,7 +594,7 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
/* For active directory servers, try to get the ldap server name.
None of these failures should be considered critical for now */
- if ( lp_security() == SEC_ADS ) {
+ if (lp_security() == SEC_ADS) {
ADS_STRUCT *ads;
ads = ads_init(realm, domainname, NULL);
@@ -976,10 +976,11 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
TALLOC_CTX *mem_ctx = NULL;
struct rpc_pipe_client *cli;
POLICY_HND pol;
-
+
char *domain_name = NULL;
char *dns_name = NULL;
DOM_SID *dom_sid = NULL;
+ int try_count = 0;
ZERO_STRUCT( ctr );
@@ -991,8 +992,10 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
return;
}
+ try_again:
+
result = init_dc_connection(domain);
- if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(result) || try_count > 2) {
DEBUG(5, ("set_dc_type_and_flags: Could not open a connection "
"to %s: (%s)\n", domain->name, nt_errstr(result)));
domain->initialized = True;
@@ -1007,7 +1010,9 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
"PI_LSARPC_DS on domain %s: (%s)\n",
domain->name, nt_errstr(result)));
domain->initialized = True;
- return;
+ /* We want to detect network failures asap to try another dc. */
+ try_count++;
+ goto try_again;
}
result = rpccli_ds_getprimarydominfo(cli, cli->cli->mem_ctx,
@@ -1028,7 +1033,9 @@ void set_dc_type_and_flags( struct winbindd_domain *domain )
if (cli == NULL) {
domain->initialized = True;
- return;
+ /* We want to detect network failures asap to try another dc. */
+ try_count++;
+ goto try_again;
}
mem_ctx = talloc_init("set_dc_type_and_flags on domain %s\n",