diff --git a/SOURCES/samba-4.2.x-fix_netlogon_wo_winbind.patch b/SOURCES/samba-4.2.x-fix_netlogon_wo_winbind.patch
new file mode 100644
index 0000000..604c281
--- /dev/null
+++ b/SOURCES/samba-4.2.x-fix_netlogon_wo_winbind.patch
@@ -0,0 +1,69 @@
+From 91e4cbc46f0f54570f27a829b7c7c71da657030b Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Mon, 9 Feb 2015 10:33:01 +0100
+Subject: [PATCH] s3:auth_domain: fix talloc problem in
+ connect_to_domain_password_server()
+
+return values of connect_to_domain_password_server() need to be exported
+to the callers memory context.
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+---
+ source3/auth/auth_domain.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
+index 373b596..e29330d 100644
+--- a/source3/auth/auth_domain.c
++++ b/source3/auth/auth_domain.c
+@@ -53,6 +53,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli_ret,
+ 						const char *dc_name,
+ 						const struct sockaddr_storage *dc_ss,
+ 						struct rpc_pipe_client **pipe_ret,
++						TALLOC_CTX *mem_ctx,
+ 						struct netlogon_creds_cli_context **creds_ret)
+ {
+ 	TALLOC_CTX *frame = talloc_stackframe();
+@@ -209,7 +210,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli_ret,
+ 
+ 	*cli_ret = cli;
+ 	*pipe_ret = netlogon_pipe;
+-	*creds_ret = netlogon_creds;
++	*creds_ret = talloc_move(mem_ctx, &netlogon_creds);
+ 
+ 	TALLOC_FREE(frame);
+ 	return NT_STATUS_OK;
+@@ -230,6 +231,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
+ 					const struct sockaddr_storage *dc_ss)
+ 
+ {
++	TALLOC_CTX *frame = talloc_stackframe();
+ 	struct netr_SamInfo3 *info3 = NULL;
+ 	struct cli_state *cli = NULL;
+ 	struct rpc_pipe_client *netlogon_pipe = NULL;
+@@ -255,11 +257,13 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
+ 							dc_name,
+ 							dc_ss,
+ 							&netlogon_pipe,
++							frame,
+ 							&netlogon_creds);
+ 	}
+ 
+ 	if ( !NT_STATUS_IS_OK(nt_status) ) {
+ 		DEBUG(0,("domain_client_validate: Domain password server not available.\n"));
++		TALLOC_FREE(frame);
+ 		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) {
+ 			return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+ 		}
+@@ -324,6 +328,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
+ 	   these pointers are no longer valid..... */
+ 
+ 	cli_shutdown(cli);
++	TALLOC_FREE(frame);
+ 	return nt_status;
+ }
+ 
+-- 
+2.1.0
+
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index 50dc153..ffc65b7 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -6,7 +6,7 @@
 # ctdb is enabled by default, you can disable it with: --without clustering
 %bcond_without clustering
 
-%define main_release 23
+%define main_release 24
 
 %define samba_version 4.1.12
 %define talloc_version 2.1.1
@@ -127,6 +127,7 @@ Patch24: samba-4.1.x-CVE-2015-0240.patch
 
 Patch100: samba-4.2.x-fix_gecos_field_with_samlogon.patch
 Patch101: samba-4.2.x-fix_net_rpc_join_schannel.patch
+Patch102: samba-4.2.x-fix_netlogon_wo_winbind.patch
 
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -577,6 +578,7 @@ module necessary to communicate to the Winbind Daemon
 # schannel support from 4.2.x
 %patch100 -p1 -b .samba-4.1.13-fix_gecos_field_with_samlogon.patch
 %patch101 -p1 -b .samba-4.2.x-fix_net_rpc_join_schannel.patch
+%patch102 -p1 -b .samba-4.2.x-fix_netlogon_wo_winbind.patch
 
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -1677,6 +1679,9 @@ rm -rf %{buildroot}
 %{_mandir}/man8/pam_winbind.8*
 
 %changelog
+* Mon Aug 31 2015 - Guenther Deschner <gdeschner@redhat.com> - 4.1.12-24
+- resolves: #1258317 - Fix NETLOGON authentication without winbindd.
+
 * Thu Apr 09 2015 Andreas Schneider <asn@redhat.com> - 4.1.12-23
 - related: #1208495 - Rebuild Samba with new binutils package.