From c344bf0184be484fff8bb5ed93b5c2ca6de58611 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Mon, 5 Oct 2009 17:05:38 +0200
Subject: s3-winbindd: make sure to reset connections when machine account
 password change chain was broken.

Guenther
---
 source3/winbindd/winbindd_dual.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index edf784cc21..a832451e08 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1100,6 +1100,14 @@ static void machine_password_change_handler(struct event_context *ctx,
 		DEBUG(10,("machine_password_change_handler: "
 			"failed to change machine password: %s\n",
 			 nt_errstr(result)));
+		if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
+			DEBUG(3,("machine_password_change_handler: password set returned "
+				"ACCESS_DENIED.  Maybe the trust account "
+				"password was changed and we didn't know it. "
+				"Killing connections to domain %s\n",
+				child->domain->name));
+			invalidate_cm_connection(&child->domain->conn);
+		}
 	} else {
 		DEBUG(10,("machine_password_change_handler: "
 			"successfully changed machine password\n"));
-- 
cgit