diff options
-rw-r--r-- | source3/winbindd/winbindd_msrpc.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 7cff38d4e2..98c5e3ad0f 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1115,6 +1115,22 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, /* And restore our original timeout. */ rpccli_set_timeout(cli, orig_timeout); + if (NT_STATUS_V(status) == DCERPC_FAULT_ACCESS_DENIED || + NT_STATUS_V(status) == DCERPC_FAULT_SEC_PKG_ERROR) { + /* + * This can happen if the schannel key is not + * valid anymore, we need to invalidate the + * all connections to the dc and reestablish + * a netlogon connection first. + */ + invalidate_cm_connection(&domain->conn); + status = NT_STATUS_ACCESS_DENIED; + } + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + return status; } @@ -1178,6 +1194,18 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, /* And restore our original timeout. */ rpccli_set_timeout(cli, orig_timeout); + if (NT_STATUS_V(status) == DCERPC_FAULT_ACCESS_DENIED || + NT_STATUS_V(status) == DCERPC_FAULT_SEC_PKG_ERROR) { + /* + * This can happen if the schannel key is not + * valid anymore, we need to invalidate the + * all connections to the dc and reestablish + * a netlogon connection first. + */ + invalidate_cm_connection(&domain->conn); + status = NT_STATUS_ACCESS_DENIED; + } + if (!NT_STATUS_IS_OK(status)) { return status; } |