From 3ca606731b99754493ab5a8d761225c637bc82dd Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Fri, 25 Jan 2008 16:40:17 +0100
Subject: Fix winbindd_can_contact_domain() on a samba DC.

The check for inbound trusts is invalid when samba is a DC
and has a trust with an active directory domain.

This effectively prevented tusts with an AD domain on a
samba DC from working (unless using "winbindd rpc only"),
because an ads_connect() was never performed. Only the
rpc-based winbindd methods were working properly.

Jerry: Please check!

Michael
(This used to be commit dcd42a1e0642c69348adfaeecef7f7f2f074ac30)
---
 source3/winbindd/winbindd_util.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'source3/winbindd/winbindd_util.c')

diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 3d9ede3cdf..d16b7423a1 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1398,10 +1398,13 @@ bool winbindd_can_contact_domain( struct winbindd_domain *domain )
 	if ( domain->domain_flags & DS_DOMAIN_IN_FOREST )
 		return True;	
 
-	/* We cannot contact the domain if it is running AD and
-	   we have no inbound trust */
+	/*
+	 * On a _member_ server, we cannot contact the domain if it
+	 * is running AD and we have no inbound trust.
+	 */
 
-	if ( domain->active_directory && 
+	if ( !IS_DC &&
+	     domain->active_directory &&
 	     ((domain->domain_flags&DS_DOMAIN_DIRECT_INBOUND) != DS_DOMAIN_DIRECT_INBOUND) ) 
 	{
 		DEBUG(10, ("Domain is an AD domain and we have no inbound "
-- 
cgit