r18557: If you've set security=ads, do the DNS queries first.

Doing otherwise means site support doesn't work correctly.
Jeremy.
(This used to be commit 06a75f3b935b30c60ab4690634b26cdcd7f02b90)

1 files changed, 6 insertions, 9 deletions

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 6fc473283c..3ba6f42251 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -832,7 +832,6 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
 		return True;
 	}
 
-#ifdef WITH_ADS
 	if (sec == SEC_ADS) {
 		/* We need to make sure we know the local site before
 		   doing any DNS queries, as this will restrict the
@@ -843,17 +842,15 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
 		   We deliberately don't care about the
 		   return here. */
 		get_dc_name(domain->name, lp_realm(), dcname, &ip);
-        }
-#endif
-
-	/* try standard netbios queries first */
 
-	get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
+		/* Now do the site-specific AD dns lookup. */
+		get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True);
+        }
 
-	/* check for security = ads and use DNS if we can */
+	/* try standard netbios queries if no ADS */
 
-	if ( iplist_size==0 && sec == SEC_ADS ) 
-		get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True);
+	if (iplist_size==0) 
+		get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
 
 	/* FIXME!! this is where we should re-insert the GETDC requests --jerry */