From c016afc832543514ebf7ecda1fbe6b272ea533d6 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 1 Apr 2019 16:47:26 +0200
Subject: s3:libads: Make sure we can lookup KDCs which are not configured

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source3/libads/kerberos.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'source3')

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index c8aa9191c7e..721c3c2a929 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -677,11 +677,19 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 	}
 #endif
 
+	/*
+	 * We are setting 'dns_lookup_kdc' to true, because we want to lookup
+	 * KDCs which are not configured via DNS SRV records, eg. if we do:
+	 *
+	 *     net ads join -Uadmin@otherdomain
+	 */
 	file_contents =
 	    talloc_asprintf(fname,
-			    "[libdefaults]\n\tdefault_realm = %s\n"
+			    "[libdefaults]\n"
+			    "\tdefault_realm = %s\n"
 			    "%s"
-			    "\tdns_lookup_realm = false\n\n"
+			    "\tdns_lookup_realm = false\n"
+			    "\tdns_lookup_kdc = true\n\n"
 			    "[realms]\n\t%s = {\n"
 			    "%s\t}\n"
 			    "%s\n",
-- 
cgit v1.2.1