From fd52f0eeae34fee8e996d6c906717cee043d7243 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 31 Mar 2005 20:11:20 +0000
Subject: r6154: fix winbindd <-> Windows 2003 sp1 issue. Can't do
 LsaOpenPolicy() over schannel anymore. This is an interesting find as it
 could imply that there are other changes we haven't seen yet in sp1.

Volker, You might want to look at this for trunk.
(This used to be commit 82e3a9d9b526522376ea967c66c67b02f2c68dd8)
---
 source3/nsswitch/winbindd_cm.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'source3')

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index dc2d6cfc6f..e6a7df1977 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -376,7 +376,11 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 	got_mutex = False;
 	*retry = False;
 
-	if (domain->primary || IS_DC) {
+	/* Windows 2003 SP1 does not lie LsaOpenPolicy() over schannel.
+	   Returns RPC_NT_CANNOT_SUPPPORT (0xc0020041) for that call.
+	   So just drop it on the lsarpc pipe */
+
+	if ( (domain->primary || IS_DC) && (pipe_index!=PI_LSARPC) ) {
 		NTSTATUS status = setup_schannel( *cli, domain->name );
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(3,("schannel refused - continuing without "
-- 
cgit