From dcf2200411f8a98eaee03b6fa235e1e9aa41b3f3 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 12 Aug 2005 15:28:19 +0000 Subject: r9261: Fix #2976: windows member servers wouldn't alloc connections from users defined locally because if we didn't find them as a DC we were marking the response as authoritative. Now if it's not a domain we know, we mark the response non-authoritative. Fix from jpjanosi@us.ibm.com (This used to be commit d522277b86ff728f6f2b9feb2f8e3fa38c43d162) --- source3/rpc_server/srv_netlog_nt.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/rpc_server/srv_netlog_nt.c') diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 388d649c3c..78ff669d07 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -716,6 +716,15 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * /* Check account and password */ if (!NT_STATUS_IS_OK(status)) { + /* If we don't know what this domain is, we need to + indicate that we are not authoritative. This + allows the client to decide if it needs to try + a local user. Fix by jpjanosi@us.ibm.com, #2976 */ + if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) + && !strequal(nt_domain, get_global_sam_name()) + && !is_trusted_domain(nt_domain) ) + r_u->auth_resp = 0; /* We are not authoritative */ + free_server_info(&server_info); return status; } -- cgit