From fd5ff711b6fa4b1146776ba6f915a20e64786c53 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 6 May 2007 20:33:33 +0000 Subject: r22712: Inform the user when logging in via pam_winbind and the krb5 tkt cache could not be created due to clock skew. (This used to be commit 24616f7d6be40b090dc74851b1ea7d09d6976811) --- source3/nsswitch/winbindd_pam.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/nsswitch/winbindd_pam.c') diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index eb2da870c3..d9c9fe91cb 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -1326,6 +1326,7 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain, struct winbindd_cli_state *state) { NTSTATUS result = NT_STATUS_LOGON_FAILURE; + NTSTATUS krb5_result = NT_STATUS_OK; fstring name_domain, name_user; NET_USER_INFO_3 *info3 = NULL; @@ -1365,6 +1366,9 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain, if (domain->online && (state->request.flags & WBFLAG_PAM_KRB5)) { result = winbindd_dual_pam_auth_kerberos(domain, state, &info3); + /* save for later */ + krb5_result = result; + if (NT_STATUS_IS_OK(result)) { DEBUG(10,("winbindd_dual_pam_auth_kerberos succeeded\n")); @@ -1412,6 +1416,10 @@ sam_logon: if (NT_STATUS_IS_OK(result)) { DEBUG(10,("winbindd_dual_pam_auth_samlogon succeeded\n")); + /* add the Krb5 err if we have one */ + if ( NT_STATUS_EQUAL(krb5_result, NT_STATUS_TIME_DIFFERENCE_AT_DC ) ) { + info3->user_flgs |= LOGON_KRB5_FAIL_CLOCK_SKEW; + } goto process_result; } else { DEBUG(10,("winbindd_dual_pam_auth_samlogon failed: %s\n", nt_errstr(result))); -- cgit