summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd_pam.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 63127cbfcd..3b13a9269a 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1638,12 +1638,24 @@ process_result:
if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
- result = fillup_password_policy(domain, state);
-
+ struct winbindd_domain *our_domain = find_our_domain();
+
+ /* This is not entiurely correct I believe, but it is
+ consistent. Only apply the password policy settings
+ too warn users for our own domain. Cannot obtain these
+ from trusted DCs all the time so don't do it at all.
+ -- jerry */
+
+ result = NT_STATUS_NOT_SUPPORTED;
+ if (our_domain == domain ) {
+a result = fillup_password_policy(our_domain, state);
+ }
+
if (!NT_STATUS_IS_OK(result)
&& !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) )
{
- DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
+ DEBUG(10,("Failed to get password policies for domain %s: %s\n",
+ domain->name, nt_errstr(result)));
goto done;
}
}