-rw-r--r--source3/libads/ldap.c10
-rw-r--r--source3/nsswitch/winbindd_cm.c18
2 files changed, 21 insertions, 7 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index c943558bd3..947f58a8fd 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -169,10 +169,6 @@ BOOL ads_try_connect(ADS_STRUCT *ads, const char *server )
ads->ldap_ip = *interpret_addr2(srv);
SAFE_FREE(srv);
- /* cache the successful connection */
-
- saf_store( ads->server.workgroup, server );
-
/* Store our site name. */
sitename_store( cldap_reply.client_site_name );
@@ -243,7 +239,7 @@ again:
return status;
}
-
+
/* if we fail this loop, then giveup since all the IP addresses returned were dead */
for ( i=0; i<count; i++ ) {
fstring server;
@@ -338,6 +334,10 @@ got_connection:
{
return ADS_ERROR(LDAP_OPERATIONS_ERROR);
}
+
+ /* cache the successful connection */
+ saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));
+
ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
status = ADS_ERROR(smb_ldap_start_tls(ads->ld, version));
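Review bot: The added `saf_store( ads->server.workgroup, inet_ntoa(ads->ldap_ip));` runs before the result of `smb_ldap_start_tls()` on the last line of this hunk is known, so a server that fails StartTLS (and presumably any later bind step, which is outside the hunk) is still written to the server-affinity cache as the preferred server for the workgroup. Because the cached entry steers later connection attempts, I would store it only once the session is known to be usable, e.g. `if (ADS_ERR_OK(status)) saf_store(ads->server.workgroup, inet_ntoa(ads->ldap_ip));` placed after the status check. The comment could also note that the IP string is now cached rather than the `server` name that the removed call in ads_try_connect() used. The enclosing function starts and ends outside the hunk.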
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index cea30f730d..2f2bfb60ee 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -652,7 +652,7 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
int iplist_size = 0;
int i;
BOOL is_our_domain;
-
+ enum security_types sec = (enum security_types)lp_security();
is_our_domain = strequal(domain->name, lp_workgroup());
@@ -665,13 +665,27 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
return True;
}
+#ifdef WITH_ADS
+ if (sec == SEC_ADS) {
+ /* We need to make sure we know the local site before
+ doing any DNS queries, as this will restrict the
+ get_sorted_dc_list() call below to only fetching
+ DNS records for the correct site. */
+
+ /* Find any DC to get the site record.
+ We deliberately don't care about the
+ return here. */
+ get_dc_name(domain->name, lp_realm(), dcname, &ip);
+ }
+#endif
+
/* try standard netbios queries first */
get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
/* check for security = ads and use DNS if we can */
- if ( iplist_size==0 && lp_security() == SEC_ADS )
+ if ( iplist_size==0 && sec == SEC_ADS )
get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True);
/* FIXME!! this is where we should re-insert the GETDC requests --jerry */
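Review bot: The new site lookup `get_dc_name(domain->name, lp_realm(), dcname, &ip);` runs for every domain whenever `sec == SEC_ADS`, yet it pairs `domain->name` with the local realm from `lp_realm()`, which looks wrong for a trusted domain; `is_our_domain` is computed just above and the DNS query further down uses `domain->alt_name`. Consider guarding it with `if (sec == SEC_ADS && is_our_domain) {` or passing `domain->alt_name`, whichever matches the intent. The call also writes `dcname` and `ip`, both declared outside the hunk, so if either is read later in get_dcs() a failed lookup could leave a misleading value behind; confirm they are reset or use scratch variables. Marking the deliberately ignored result as `(void)get_dc_name(...)` would make the intent visible to static checkers as well as to readers.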