diff options
author | Christof Schmitt <cs@samba.org> | 2014-08-22 09:15:59 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2014-08-30 03:48:12 +0200 |
commit | c203c722e7e22f9146f2ecf6f42452c0e82042e4 (patch) | |
tree | 603c2291bc83b957db0cedc24a37bdcd6b202cd6 | |
parent | 934b452e138c51dc39c70e8246b138a632476dc4 (diff) | |
download | samba-c203c722e7e22f9146f2ecf6f42452c0e82042e4.tar.gz |
s3-winbindd: Use correct realm for trusted domains in idmap child
When authenticating users in a trusted domain, the idmap_ad module
always connects to a local DC instead of one in the trusted domain.
Fix this by passing the correct realm to connect to.
Also Comment parameters passed to ads_cached_connection_connect
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source3/winbindd/winbindd_ads.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index a869ff5314d..1da24624fab 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -188,8 +188,15 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name) } } - status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server, - password, realm, 0); + status = ads_cached_connection_connect( + adsp, /* Returns ads struct. */ + wb_dom->alt_name, /* realm to connect to. */ + dom_name, /* 'workgroup' name for ads_init */ + ldap_server, /* DNS name to connect to. */ + password, /* password for auth realm. */ + realm, /* realm used for krb5 ticket. */ + 0); /* renewable ticket time. */ + SAFE_FREE(realm); TALLOC_FREE(ldap_server); |