summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-11-10 12:42:50 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:15:44 -0500
commit61a38bd4b83b7f72b479e84daa5ea89164a92f85 (patch)
tree233a96488361b043f3b94029a14355549bf0c4a9
parent331cafd30fc2de8ea1a6727b930933cf912fba27 (diff)
downloadsamba-61a38bd4b83b7f72b479e84daa5ea89164a92f85.tar.gz
samba-61a38bd4b83b7f72b479e84daa5ea89164a92f85.tar.bz2
samba-61a38bd4b83b7f72b479e84daa5ea89164a92f85.zip
r19651: Fix interesting bug with the automatic site coverage in Active Directory:
When having DC-less sites, AD assigns DCs from other sites to that site that does not have it's own DC. The most reliable way for us to identify the nearest DC - in that and all other cases - is the closest_dc flag in the CLDAP reply. Guenther (This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
-rw-r--r--source3/libads/ldap.c26
-rw-r--r--source3/libsmb/namequery_dc.c2
-rw-r--r--source3/nsswitch/winbindd_cm.c2
-rw-r--r--source3/utils/net_ads.c2
4 files changed, 28 insertions, 4 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 927b86fe93..5dcc3c33ba 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -139,6 +139,30 @@ BOOL ads_sitename_match(ADS_STRUCT *ads)
return False;
}
+/**********************************************
+ Is this the closest DC ?
+**********************************************/
+
+BOOL ads_closest_dc(ADS_STRUCT *ads)
+{
+ if (ads->config.flags & ADS_CLOSEST) {
+ DEBUG(10,("ads_closest_dc: ADS_CLOSEST flag set\n"));
+ return True;
+ }
+
+ /* not sure if this can ever happen */
+ if (ads_sitename_match(ads)) {
+ DEBUG(10,("ads_closest_dc: ADS_CLOSEST flag not set but sites match\n"));
+ return True;
+ }
+
+ DEBUG(10,("ads_closest_dc: %s is not the closest DC\n",
+ ads->config.ldap_server_name));
+
+ return False;
+}
+
+
/*
try a connection to a given ldap server, returning True and setting the servers IP
in the ads struct if successful
@@ -392,7 +416,7 @@ got_connection:
}
/* cache the successful connection for workgroup and realm */
- if (ads_sitename_match(ads)) {
+ if (ads_closest_dc(ads)) {
saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
saf_store( ads->server.realm, inet_ntoa(ads->ldap_ip));
}
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 5280118ab8..ceb8bbd7e6 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -79,7 +79,7 @@ static BOOL ads_dc_name(const char *domain,
}
#ifdef HAVE_KRB5
- if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
+ if ((ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index f2d264b2b4..bf23af5b33 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -822,7 +822,7 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
DEBUG(10,("dcip_to_name: flags = 0x%x\n", (unsigned int)ads->config.flags));
- if ((ads->config.flags & ADS_KDC) && ads_sitename_match(ads)) {
+ if ((ads->config.flags & ADS_KDC) && ads_closest_dc(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
to use this KDC. */
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 377bfa22b7..e1762da2f7 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -314,7 +314,7 @@ retry:
tried_closest_dc = True; /* avoid loop */
- if (!closest_dc || !site_matches) {
+ if (!ads_closest_dc(ads)) {
namecache_delete(ads->server.realm, 0x1C);
namecache_delete(ads->server.workgroup, 0x1C);