authorGarming Sam <garming@catalyst.net.nz>2014-06-30 14:23:58 +1200
committerAndrew Bartlett <abartlet@samba.org>2014-07-04 02:52:35 +0200
commit95a55df021b3f112a18c64a5f5897182ae8b7df8 (patch)
tree16f3a50794800e7dff6155de6842902cd2d0732f
parenta0105b84b85094375ab92c9e6ca4c9e0a2a531f5 (diff)
winbindd: Allow the AD-DC to call getdcname
This is particularly useful for RODC and eliminates a knownfail. Change-Id: Ia5089761dcabb1620eadd530dbc9b05580cddd1f Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
-rw-r--r--selftest/knownfail1
-rw-r--r--source3/winbindd/wb_dsgetdcname.c22
2 files changed, 16 insertions, 7 deletions
diff --git a/selftest/knownfail b/selftest/knownfail
index deeb8fac69..753442e02d 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -273,7 +273,6 @@
^samba.wbinfo_simple.\(s4member:local\).--allocate-gid
^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-uid
^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-gid
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --getdcname against plugin_s4_dc\(plugin_s4_dc:local\)
#
# These do not work against winbindd in member mode for unknown reasons
#
diff --git a/source3/winbindd/wb_dsgetdcname.c b/source3/winbindd/wb_dsgetdcname.c
index bc952cd03d..db6cde9302 100644
--- a/source3/winbindd/wb_dsgetdcname.c
+++ b/source3/winbindd/wb_dsgetdcname.c
@@ -45,18 +45,28 @@ struct tevent_req *wb_dsgetdcname_send(TALLOC_CTX *mem_ctx,
return NULL;
}
- if (strequal(domain_name, "BUILTIN")
- || strequal(domain_name, get_global_sam_name())) {
+ if (strequal(domain_name, "BUILTIN")) {
/*
- * Two options here: Give back our own address, or say there's
- * nobody around. Right now opting for the latter, one measure
- * to prevent the loopback connects. This might change if
- * needed.
+ * This makes no sense
*/
tevent_req_nterror(req, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
return tevent_req_post(req, ev);
}
+ if (strequal(domain_name, get_global_sam_name())) {
+ int role = lp_server_role();
+ if ( role != ROLE_ACTIVE_DIRECTORY_DC ) {
+ /*
+ * Two options here: Give back our own address, or say there's
+ * nobody around. Right now opting for the latter, one measure
+ * to prevent the loopback connects. This might change if
+ * needed.
+ */
+ tevent_req_nterror(req, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
+ return tevent_req_post(req, ev);
+ }
+ }
+
if (IS_DC) {
/*
* We have to figure out the DC ourselves
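Review bot: The new `role != ROLE_ACTIVE_DIRECTORY_DC` test has no comment explaining why the loopback-connect concern, which the moved comment still gives as the reason for refusing our own domain, does not apply on an AD DC. As written, an AD DC asking for its own SAM domain skips the `NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND` reply and presumably continues into the `IS_DC` branch below. A short comment on the fall-through path would record the intent, for example `/* AD DC: fall through and locate a DC for our own domain (needed on an RODC) */`, ideally also stating what prevents the server from connecting back to itself. The nested test can be flattened to `if (strequal(domain_name, get_global_sam_name()) && lp_server_role() != ROLE_ACTIVE_DIRECTORY_DC) {`, which drops the single-use `role` local and the non-standard `( ... )` spacing, and "This makes no sense" would be clearer if it said why BUILTIN has no DC to return. The body of wb_dsgetdcname_send starts and ends outside this hunk, so the rest of the `IS_DC` path is not visible here.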