-rw-r--r-- | source3/libads/ldap.c | 10 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 18 |
2 files changed, 21 insertions, 7 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index c943558bd3..947f58a8fd 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -169,10 +169,6 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server ) ads->ldap_ip = *interpret_addr2(srv); SAFE_FREE(srv); - /* cache the successful connection */ - - saf_store( ads->server.workgroup, server ); - /* Store our site name. */ sitename_store( cldap_reply.client_site_name ); @@ -243,7 +239,7 @@ again: return status; } - + /* if we fail this loop, then giveup since all the IP addresses returned were dead */ for ( i=0; i<count; i++ ) { fstring server; @@ -338,6 +334,10 @@ got_connection: { return ADS_ERROR(LDAP_OPERATIONS_ERROR); } + + /* cache the successful connection */ + saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip)); + ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version); status = ADS_ERROR(smb_ldap_start_tls(ads->ld, version)); diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index cea30f730d..2f2bfb60ee 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -652,7 +652,7 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain, int iplist_size = 0; int i; BOOL is_our_domain; - + enum security_types sec = (enum security_types)lp_security(); is_our_domain = strequal(domain->name, lp_workgroup()); 
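Review bot: In the third ldap.c hunk (under `got_connection:`), the new `saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));` runs as soon as the LDAP handle exists, before `ldap_set_option` and before the status of `smb_ldap_start_tls` is known. A server that accepts the TCP connection but then fails StartTLS is therefore still written to the server-affinity cache as the preferred DC for the workgroup, and later lookups would be steered back to it. I would move the call below the point where `status` from `smb_ldap_start_tls` has been checked; the function continues outside the hunk, so if the bind also happens there, below that as well. The cached value also changes from the caller's `server` string to a dotted-quad, so it is worth confirming that every consumer of the fetch side accepts an IP address where it may have expected a name, and adding a comment such as `/* cache the IP, not the name: server may be a DNS alias */` to say why.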
@@ -665,13 +665,27 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain, return True; } +#ifdef WITH_ADS + if (sec == SEC_ADS) { + /* We need to make sure we know the local site before + doing any DNS queries, as this will restrict the + get_sorted_dc_list() call below to only fetching + DNS records for the correct site. */ + + /* Find any DC to get the site record. + We deliberately don't care about the + return here. */ + get_dc_name(domain->name, lp_realm(), dcname, &ip); + } +#endif + /* try standard netbios queries first */ get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False); /* check for security = ads and use DNS if we can */ - if ( iplist_size==0 && lp_security() == SEC_ADS ) + if ( iplist_size==0 && sec == SEC_ADS ) get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True); /* FIXME!! this is where we should re-insert the GETDC requests --jerry */ |
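Review bot: The added `get_dc_name(domain->name, lp_realm(), dcname, &ip);` passes the local realm for whichever domain `get_dcs` was asked about. `is_our_domain` is computed just above but is not consulted here, so for a trusted domain the lookup appears to pair that domain's NetBIOS name with our own realm. The site recorded as a side effect may then come from a DC of the wrong domain and narrow the later `get_sorted_dc_list()` DNS query incorrectly. `get_dc_name` is defined outside this page, so please confirm what it does with a mismatched pair; if the mismatch is real, either guard the block with `if (sec == SEC_ADS && is_our_domain)` or pass `domain->alt_name` instead of `lp_realm()`. Because the return value is deliberately ignored, the comment should also say that `dcname` and `ip` are scratch outputs here and must not be read afterwards.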