From 6cc8dfea6e62ea93e1d6849ed27065d73f328b6d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 15 Oct 2024 13:37:50 +0200 Subject: [PATCH] s3:winbindd: let wb_dsgetdcname* normalize to dns names on an ad_dc wb_dsgetdcname() is typically used by dcerpc_wbint_DsGetDcName_send() from netr_DsRGetDCName* in the netlogon server, when domain members try to ask for domain controllers of a trusted domain. The domain might disabled netbios support, so we better try the already dns name if available. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source3/winbindd/wb_dsgetdcname.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/source3/winbindd/wb_dsgetdcname.c b/source3/winbindd/wb_dsgetdcname.c index 0f6acaae04a..14d5ee34d84 100644 --- a/source3/winbindd/wb_dsgetdcname.c +++ b/source3/winbindd/wb_dsgetdcname.c @@ -79,6 +79,22 @@ struct tevent_req *wb_dsgetdcname_send(TALLOC_CTX *mem_ctx, * We have to figure out the DC ourselves */ child_binding_handle = locator_child_handle(); + + if (IS_AD_DC) { + struct winbindd_domain *domain = NULL; + + /* + * If we know about the domain + * we replace a possible netbios domain name to + * a dns domain name, which means we'll always use + * dns+cldap because we have a fixed known number + * of trusted domains on a DC. + */ + domain = find_domain_from_name_noinit(domain_name); + if (domain != NULL && domain->active_directory) { + domain_name = domain->alt_name; + } + } } else { struct winbindd_domain *domain = find_our_domain(); child_binding_handle = dom_child_handle(domain); -- 2.47.3