From dc14e67a6ba07946b5b98644d950a6b29b1c11c6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 13 Sep 2006 13:28:42 +0000 Subject: r18467: Some sites allow an account to be deleted, but not disabled. Cope with both - print appropriate messages. Jeremy. (This used to be commit 2c003a4463ff59c477fa2558f869444cfa75e3a8) --- source3/utils/net_ads.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 18c00f3de8..3fa1be78c1 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -755,10 +755,12 @@ static int net_ads_status(int argc, const char **argv) That only worked using the machine creds because added the machine with full control to the computer object's ACL. *******************************************************************/ + static int net_ads_leave(int argc, const char **argv) { ADS_STRUCT *ads = NULL; ADS_STATUS adsret; + NTSTATUS status; int ret = -1; struct cli_state *cli = NULL; TALLOC_CTX *ctx; @@ -795,28 +797,29 @@ static int net_ads_leave(int argc, const char **argv) goto done; } - if ( !NT_STATUS_IS_OK(netdom_leave_domain( ctx, cli, dom_sid )) ) { - d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); - goto done; - } - - ret = 0; + status = netdom_leave_domain(ctx, cli, dom_sid); - /* Now we've disabled the account, try and delete it - via LDAP - the old way we used to. Don't log a failure - if this failed. */ + /* Ty and delete it via LDAP - the old way we used to. */ adsret = ads_leave_realm(ads, global_myname()); if (ADS_ERR_OK(adsret)) { d_printf("Deleted account for '%s' in realm '%s'\n", global_myname(), ads->config.realm); + ret = 0; } else { - d_printf("Disabled account for '%s' in realm '%s'\n", - global_myname(), ads->config.realm); + /* We couldn't delete it - see if the disable succeeded. */ + if (NT_STATUS_IS_OK(status)) { + d_printf("Disabled account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + ret = 0; + } else { + d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n", + global_myname(), ads->config.realm); + } } done: + if ( cli ) cli_shutdown(cli); -- cgit