s3:winbindd: Resolve dc name using CLDAP also for ROLE_IPA_DC

server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling
in dcip_check_name().  We should resolve the DC name using:
- CLDAP in dcip_check_name_ads()
instead of:
- NETBIOS in nbt_getdc() that fails if Windows is not providing netbios.

The impacted environment has:

domain->alt_name = example.com
domain->active_directory = 1
security = USER
server role = ROLE_IPA_DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-programmed-with: Andreas Schneider <asn@samba.org>

Reviewed-by: Alexander Bokovoy <ab@samba.org>

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index c5ea918cff79fa0d91048e278a161895d9ae6643..f45bb6cda99d3345d77a3c0fafa7d034db1b6da7 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1088,7 +1088,9 @@ static bool dcip_check_name(TALLOC_CTX *mem_ctx,
 
        if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) {
                is_ad_domain = true;
-       } else if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+       } else if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC ||
+                  lp_server_role() == ROLE_IPA_DC)
+       {
                is_ad_domain = domain->active_directory;
        }