From a4db672e26811e2ece0cb91f0cc181d3e271eb68 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Thu, 1 Mar 2007 14:44:25 +0000
Subject: r21633: First real fix from me found during the bug hunt. ads_cached_connection() does not call get_dc_name() before ads_connect() and therefore does not setup the environment to look at krb5.conf.DOMAIN file before sending the TGT request. The failure I'm seeing occurs ni a multi-DC domain where we get back preuath failed after we just joined the domain. (This used to be commit 256f36dce3e3a39798b2ad38fa3123669d670597)
---
 source3/nsswitch/winbindd_ads.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'source3/nsswitch/winbindd_ads.c')
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index 9c8f23b1cf..9d965675c0 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -40,6 +40,8 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 {
 ADS_STRUCT *ads;
 ADS_STATUS status;
+ fstring dc_name;
+ struct in_addr dc_ip;
 DEBUG(10,("ads_cached_connection\n"));
@@ -114,6 +116,12 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 ads->auth.renewable = WINBINDD_PAM_AUTH_KRB5_RENEW_TIME;
+ /* Setup the server affinity cache. We don't reaally care
+ about the name. Just setup affinity and the KRB5_CONFIG
+ file. */
+
+ get_dc_name( "", ads->auth.realm, dc_name, &dc_ip );
+
 status = ads_connect(ads);
 if (!ADS_ERR_OK(status) || !ads->config.realm) {
 DEBUG(1,("ads_connect for domain %s failed: %s\n",
-- cgit
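Review bot: The result of `get_dc_name( "", ads->auth.realm, dc_name, &dc_ip )` in the second hunk is discarded, so if the DC lookup fails, the server affinity and the KRB5_CONFIG file are not set up. `ads_connect()` then sends the TGT request exactly as it did before this fix, and nothing in the log distinguishes that case from a genuine pre-authentication failure. Assuming get_dc_name() reports success as a boolean (its definition is not part of this diff), the failure should be logged before connecting, e.g. `if (!get_dc_name("", ads->auth.realm, dc_name, &dc_ip)) DEBUG(3,("ads_cached_connection: get_dc_name failed for realm %s\n", ads->auth.realm));`. The locals `dc_name` and `dc_ip` added in the first hunk are left uninitialised on that path, so the comment should also state that they must not be read afterwards. The body of ads_cached_connection() starts and ends outside both hunks, so whether `ads->auth.realm` is guaranteed non-NULL at this point cannot be confirmed from here.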