s3-winbindd: Use correct realm for trusted domains in idmap child

When authenticating users in a trusted domain, the idmap_ad module always connects to a local DC instead of one in the trusted domain. Fix this by passing the correct realm to connect to. Also Comment parameters passed to ads_cached_connection_connect Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
author: Christof Schmitt <cs@samba.org> 2014-08-22 09:15:59 -0700
committer: Jeremy Allison <jra@samba.org> 2014-08-30 03:48:12 +0200
commit: c203c722e7e22f9146f2ecf6f42452c0e82042e4 (patch)
tree: 603c2291bc83b957db0cedc24a37bdcd6b202cd6
parent: 934b452e138c51dc39c70e8246b138a632476dc4 (diff)
download: samba-c203c722e7e22f9146f2ecf6f42452c0e82042e4.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a869ff5314d..1da24624fab 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -188,8 +188,15 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
 		}
 	}
 
-	status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
-					       password, realm, 0);
+	status = ads_cached_connection_connect(
+		adsp,			/* Returns ads struct. */
+		wb_dom->alt_name,	/* realm to connect to. */
+		dom_name,		/* 'workgroup' name for ads_init */
+		ldap_server,		/* DNS name to connect to. */
+		password,		/* password for auth realm. */
+		realm,			/* realm used for krb5 ticket. */
+		0);			/* renewable ticket time. */
+
 	SAFE_FREE(realm);
 	TALLOC_FREE(ldap_server);
author	Christof Schmitt <cs@samba.org>	2014-08-22 09:15:59 -0700
committer	Jeremy Allison <jra@samba.org>	2014-08-30 03:48:12 +0200
commit	c203c722e7e22f9146f2ecf6f42452c0e82042e4 (patch)
tree	603c2291bc83b957db0cedc24a37bdcd6b202cd6
parent	934b452e138c51dc39c70e8246b138a632476dc4 (diff)
download	samba-c203c722e7e22f9146f2ecf6f42452c0e82042e4.tar.gz