From 9c169e9e42b58e7b6c4b37f57d4649daea7593e5 Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Thu, 27 Mar 2008 11:56:29 -0500 Subject: Don't fill password policy structure for any domain other than our own. The samr connects will fail. This is not independent of the CONTACT_TRUSTDOM flag neede by krb5 logins. (This used to be commit 4de4949e3bfcfb2169c329f19cb76936d9043d50) --- source3/winbindd/winbindd_pam.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'source3/winbindd') diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 63127cbfcd..3b13a9269a 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1638,12 +1638,24 @@ process_result: if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) { - result = fillup_password_policy(domain, state); - + struct winbindd_domain *our_domain = find_our_domain(); + + /* This is not entiurely correct I believe, but it is + consistent. Only apply the password policy settings + too warn users for our own domain. Cannot obtain these + from trusted DCs all the time so don't do it at all. + -- jerry */ + + result = NT_STATUS_NOT_SUPPORTED; + if (our_domain == domain ) { +a result = fillup_password_policy(our_domain, state); + } + if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) { - DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result))); + DEBUG(10,("Failed to get password policies for domain %s: %s\n", + domain->name, nt_errstr(result))); goto done; } } -- cgit