From: Stefan Metzmacher Date: Tue, 15 Oct 2024 11:37:50 +0000 (+0200) Subject: s3:winbindd: let wb_dsgetdcname* normalize to dns names on an ad_dc X-Git-Tag: tdb-1.4.13~398 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6cc8dfea6e62ea93e1d6849ed27065d73f328b6d;p=thirdparty%2Fsamba.git s3:winbindd: let wb_dsgetdcname* normalize to dns names on an ad_dc wb_dsgetdcname() is typically used by dcerpc_wbint_DsGetDcName_send() from netr_DsRGetDCName* in the netlogon server, when domain members try to ask for domain controllers of a trusted domain. The domain might disabled netbios support, so we better try the already dns name if available. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- diff --git a/source3/winbindd/wb_dsgetdcname.c b/source3/winbindd/wb_dsgetdcname.c index 0f6acaae04a..14d5ee34d84 100644 --- a/source3/winbindd/wb_dsgetdcname.c +++ b/source3/winbindd/wb_dsgetdcname.c @@ -79,6 +79,22 @@ struct tevent_req *wb_dsgetdcname_send(TALLOC_CTX *mem_ctx, * We have to figure out the DC ourselves */ child_binding_handle = locator_child_handle(); + + if (IS_AD_DC) { + struct winbindd_domain *domain = NULL; + + /* + * If we know about the domain + * we replace a possible netbios domain name to + * a dns domain name, which means we'll always use + * dns+cldap because we have a fixed known number + * of trusted domains on a DC. + */ + domain = find_domain_from_name_noinit(domain_name); + if (domain != NULL && domain->active_directory) { + domain_name = domain->alt_name; + } + } } else { struct winbindd_domain *domain = find_our_domain(); child_binding_handle = dom_child_handle(domain);