From a8e2ea60831fca3e5dc6efea3520cea60bffdf9a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pavel=20Filipensk=C3=BD?= Date: Wed, 23 Jul 2025 15:09:21 +0200 Subject: [PATCH] s3:winbindd: Resolve dc name using CLDAP also for ROLE_IPA_DC MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling in dcip_check_name(). We should resolve the DC name using: - CLDAP in dcip_check_name_ads() instead of: - NETBIOS in nbt_getdc() that fails if Windows is not providing netbios. The impacted environment has: domain->alt_name = example.com domain->active_directory = 1 security = USER server role = ROLE_IPA_DC BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891 Signed-off-by: Pavel Filipenský Signed-off-by: Andreas Schneider Pair-programmed-with: Andreas Schneider Reviewed-by: Alexander Bokovoy (cherry picked from commit 4921c3304e5e0480e5bb80a757b3f04b3b92c3b1) --- source3/winbindd/winbindd_cm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 53800988306..bb2e4c0405d 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1089,7 +1089,9 @@ static bool dcip_check_name(TALLOC_CTX *mem_ctx, if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) { is_ad_domain = true; - } else if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) { + } else if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC || + lp_server_role() == ROLE_IPA_DC) + { is_ad_domain = domain->active_directory; } -- 2.47.2