From 9c207adbe9cf2487231956dedfbd338820cf4027 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 18 Oct 2017 13:36:59 +0200
Subject: [PATCH] s3:cli_netlogon: let rpccli_connect_netlogon() retry once
 after NT_STATUS_NETWORK_ACCESS_DENIED

Otherwise we could easily endup with an endless loop.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source3/rpc_client/cli_netlogon.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 469d348f6b9..a7676efb055 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -292,6 +292,7 @@ NTSTATUS rpccli_connect_netlogon(
 	bool do_serverauth;
 	struct rpc_pipe_client *rpccli;
 	NTSTATUS status;
+	bool retry = false;
 
 again:
 
@@ -354,9 +355,10 @@ again:
 		status = cli_rpc_pipe_open_bind_schannel(
 			cli, &ndr_table_netlogon, transport, creds_ctx,
 			&rpccli);
-		if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+		if (!retry && NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
 			DBG_DEBUG("Retrying with serverauthenticate\n");
 			TALLOC_FREE(lck);
+			retry = true;
 			goto again;
 		}
 		if (!NT_STATUS_IS_OK(status)) {