diff options
Diffstat (limited to 'source3/utils/net_ads.c')
-rw-r--r-- | source3/utils/net_ads.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 18c00f3de8..3fa1be78c1 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -755,10 +755,12 @@ static int net_ads_status(int argc, const char **argv) That only worked using the machine creds because added the machine with full control to the computer object's ACL. *******************************************************************/ + static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS adsret; + NTSTATUS status; int ret = -1; struct cli_state *cli = NULL; TALLOC_CTX *ctx; @@ -795,28 +797,29 @@ static int net_ads_leave(int argc, const char **argv) goto done; } - if ( !NT_STATUS_IS_OK(netdom_leave_domain( ctx, cli, dom_sid )) ) { - d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - goto done; - } - - ret = 0; + status = netdom_leave_domain(ctx, cli, dom_sid); - /* Now we've disabled the account, try and delete it - via LDAP - the old way we used to. Don't log a failure - if this failed. */ + /* Ty and delete it via LDAP - the old way we used to. */ adsret = ads_leave_realm(ads, global_myname()); if (ADS_ERR_OK(adsret)) { d_printf("Deleted account for '%s' in realm '%s'\n", global_myname(), ads->config.realm); + ret = 0; } else { - d_printf("Disabled account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); + /* We couldn't delete it - see if the disable succeeded. */ + if (NT_STATUS_IS_OK(status)) { + d_printf("Disabled account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + ret = 0; + } else { + d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + } } done: + if ( cli ) cli_shutdown(cli); |