From 1052e48e87fc1cf0e93ce880fce1820bd842055b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 15 Sep 2006 16:03:11 +0000 Subject: r18557: If you've set security=ads, do the DNS queries first. Doing otherwise means site support doesn't work correctly. Jeremy. (This used to be commit 06a75f3b935b30c60ab4690634b26cdcd7f02b90) --- source3/nsswitch/winbindd_cm.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 6fc473283c..3ba6f42251 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -832,7 +832,6 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain, return True; } -#ifdef WITH_ADS if (sec == SEC_ADS) { /* We need to make sure we know the local site before doing any DNS queries, as this will restrict the @@ -843,17 +842,15 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain, We deliberately don't care about the return here. */ get_dc_name(domain->name, lp_realm(), dcname, &ip); - } -#endif - - /* try standard netbios queries first */ - get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False); + /* Now do the site-specific AD dns lookup. */ + get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True); + } - /* check for security = ads and use DNS if we can */ + /* try standard netbios queries if no ADS */ - if ( iplist_size==0 && sec == SEC_ADS ) - get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True); + if (iplist_size==0) + get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False); /* FIXME!! this is where we should re-insert the GETDC requests --jerry */ -- cgit