2 files changed, 9 insertions, 4 deletions

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index d0b5b4db7f..f74f1bb9e8 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -37,8 +37,7 @@ extern userdom_struct current_user_info;
   Note that we ignore the 'server' parameter here. That has the effect of using
   the 'ADS server' smb.conf parameter, which is what we really want anyway
  */
-static NTSTATUS ads_resolve_dc(const char *server, 
-			       fstring remote_machine, 
+static NTSTATUS ads_resolve_dc(fstring remote_machine, 
 			       struct in_addr *dest_ip)
 {
 	ADS_STRUCT *ads;
@@ -132,7 +131,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
         NTSTATUS result;
 
 	if (lp_security() == SEC_ADS) {
-		result = ads_resolve_dc(server, remote_machine, &dest_ip);
+		result = ads_resolve_dc(remote_machine, &dest_ip);
 	} else {
 		result = rpc_resolve_dc(server, remote_machine, &dest_ip);
 	}
@@ -366,7 +365,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 
 	while (!NT_STATUS_IS_OK(nt_status) &&
 	       next_token(&server,remote_machine,LIST_SEP,sizeof(remote_machine))) {
-		if(strequal(remote_machine, "*")) {
+		if(lp_security() != SEC_ADS && strequal(remote_machine, "*")) {
 			nt_status = find_connect_pdc(&cli, domain, setup_creds_as, sec_chan, trust_passwd, last_change_time);
 		} else {
 			nt_status = connect_to_domain_password_server(&cli, remote_machine, setup_creds_as, sec_chan, trust_passwd);
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index 638dc0b22e..0be79673a0 100644
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -148,6 +148,12 @@ ADS_STRUCT *ads_init(const char *realm,
 			SAFE_FREE(ads->realm);
 		}
 	}
+
+	if (!ads->realm && strchr_m(ads->workgroup, '.')) {
+		/* the smb.conf has specified the realm in 'workgroup =' */
+		ads->realm = strdup(ads->workgroup);
+	}
+
 	if (!ads->bind_path && ads->realm) {
 		ads->bind_path = ads_build_dn(ads->realm);
 	}