From 10c82d0619f71e8c6dac5755d2b327c2a543cca4 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 8 Nov 2010 16:55:17 +1100
Subject: s4-auth Supply more useful error messages on Kerberos failure

The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't
helped our users to debug problems effectivly, and so we now return
more errors and try and give a more useful debug message when then
happen.

Andrew Bartlett
---
 source4/auth/gensec/spnego.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'source4/auth/gensec/spnego.c')

diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 4902cd8ee1..813bf0a730 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -495,6 +495,8 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
 			 * of this mech */
 			if (spnego_state->state_position != SPNEGO_SERVER_START) {
 				if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || 
+				    NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_LOGON_SERVERS) ||
+				    NT_STATUS_EQUAL(nt_status, NT_STATUS_TIME_DIFFERENCE_AT_DC) ||
 				    NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
 					/* Pretend we never started it (lets the first run find some incompatible demand) */
 					
-- 
cgit