author | Jeremy Allison <jra@samba.org> | 2006-08-31 01:20:21 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:39:01 -0500 |
commit | 6fada7a82aa67e7b80ff003bd527092da68542c8 (patch) | |
tree | 0ab9bac0531b4ac511e0d42979d04cf6dff559eb /source3/nsswitch | |
parent | 256172f7d6dd384ea95457dd6322e0289057ac56 (diff) | |
r17943: The horror, the horror. Add KDC site support by
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
(This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 63 |
1 files changed, 37 insertions, 26 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 2f2bfb60ee..a09faaed94 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -590,7 +590,43 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
 ip_list.ip = ip;
 ip_list.port = 0;
- /* try GETDC requests first */
+#ifdef WITH_ADS
+ /* For active directory servers, try to get the ldap server name.
+ None of these failures should be considered critical for now */
+
+ if ( lp_security() == SEC_ADS ) {
+ ADS_STRUCT *ads;
+
+ ads = ads_init(realm, domainname, NULL);
+ ads->auth.flags |= ADS_AUTH_NO_BIND;
+
+ if (ads_try_connect( ads, inet_ntoa(ip) ) ) {
+ const char *sitename = sitename_fetch();
+ /* We got a cldap packet. */
+ fstrcpy(name, ads->config.ldap_server_name);
+ namecache_store(name, 0x20, 1, &ip_list);
+
+#ifdef HAVE_KRB5
+ if ((ads->config.flags & ADS_KDC) && sitename) {
+ /* We're going to use this KDC for this realm/domain.
+ If we are using sites, then force the krb5 libs
+ to use this KDC. */
+
+ create_local_private_krb5_conf_for_domain(realm,
+ domainname,
+ ip);
+ }
+#endif
+ SAFE_FREE(sitename);
+ ads_destroy( &ads );
+ return True;
+ }
+
+ ads_destroy( &ads );
+ }
+#endif
+
+ /* try GETDC requests next */
 if (send_getdc_request(ip, domainname, sid)) {
 int i;
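Review bot: The `create_local_private_krb5_conf_for_domain(realm, domainname, ip)` call pins the realm's KDC to `ip` on the strength of a reply obtained with `ADS_AUTH_NO_BIND` set, i.e. before any bind, and nothing in the hunk checks or logs the outcome. Kerberos still authenticates the KDC it talks to, so the likely impact of a wrong answer is failed logons rather than forged tickets, but an operator would have no trace of why the realm was redirected. I would log the choice next to the call, e.g. `DEBUG(5,("dcip_to_name: pinning KDC %s for domain %s\n", inet_ntoa(ip), domainname));`, and, if the helper returns a status (its prototype is not in this hunk), log a failure rather than dropping it. Separately, `sitename` is declared `const char *` but released with `SAFE_FREE`; `char *sitename` would state the ownership honestly. dcip_to_name's body starts and ends outside the hunk.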
@@ -610,31 +646,6 @@ static BOOL dcip_to_name( const char *domainname, const char *realm,
 namecache_store(name, 0x20, 1, &ip_list);
 return True;
 }
-
-#ifdef WITH_ADS
- /* for active directory servers, try to get the ldap server name.
- None of these failure should be considered critical for now */
-
- if ( lp_security() == SEC_ADS )
- {
- ADS_STRUCT *ads;
-
- ads = ads_init( realm, domainname, NULL );
- ads->auth.flags |= ADS_AUTH_NO_BIND;
-
- if ( !ads_try_connect( ads, inet_ntoa(ip) ) ) {
- ads_destroy( &ads );
- return False;
- }
-
- fstrcpy(name, ads->config.ldap_server_name);
- namecache_store(name, 0x20, 1, &ip_list);
-
- ads_destroy( &ads );
- return True;
- }
-#endif
-
 return False;
 } |