From 95a55df021b3f112a18c64a5f5897182ae8b7df8 Mon Sep 17 00:00:00 2001
From: Garming Sam
Date: Mon, 30 Jun 2014 14:23:58 +1200
Subject: winbindd: Allow the AD-DC to call getdcname

This is particularly useful for RODC and eliminates a knownfail.

Change-Id: Ia5089761dcabb1620eadd530dbc9b05580cddd1f
Signed-off-by: Garming Sam
Reviewed-by: Nadezhda Ivanova
---
 selftest/knownfail | 1 -
 source3/winbindd/wb_dsgetdcname.c | 22 ++++++++++++++++------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index deeb8fac69..753442e02d 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -273,7 +273,6 @@
 ^samba.wbinfo_simple.\(s4member:local\).--allocate-gid
 ^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-uid
 ^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-gid
-^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --getdcname against plugin_s4_dc\(plugin_s4_dc:local\)
 #
 # These do not work against winbindd in member mode for unknown reasons
 #
diff --git a/source3/winbindd/wb_dsgetdcname.c b/source3/winbindd/wb_dsgetdcname.c
index bc952cd03d..db6cde9302 100644
--- a/source3/winbindd/wb_dsgetdcname.c
+++ b/source3/winbindd/wb_dsgetdcname.c
@@ -45,18 +45,28 @@ struct tevent_req *wb_dsgetdcname_send(TALLOC_CTX *mem_ctx,
 return NULL;
 }
 
- if (strequal(domain_name, "BUILTIN")
- || strequal(domain_name, get_global_sam_name())) {
+ if (strequal(domain_name, "BUILTIN")) {
 /*
- * Two options here: Give back our own address, or say there's
- * nobody around. Right now opting for the latter, one measure
- * to prevent the loopback connects. This might change if
- * needed.
+ * This makes no sense
 */
 tevent_req_nterror(req, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
 return tevent_req_post(req, ev);
 }
 
+ if (strequal(domain_name, get_global_sam_name())) {
+ int role = lp_server_role();
+ if ( role != ROLE_ACTIVE_DIRECTORY_DC ) {
+ /*
+ * Two options here: Give back our own address, or say there's
+ * nobody around. Right now opting for the latter, one measure
+ * to prevent the loopback connects. This might change if
+ * needed.
+ */
+ tevent_req_nterror(req, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND);
+ return tevent_req_post(req, ev);
+ }
+ }
+
 if (IS_DC) {
 /*
 * We have to figure out the DC ourselves
-- cgit
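Review bot: The relocated comment still describes refusing our own SAM domain as a measure against loopback connects, but nothing in the new `if (strequal(domain_name, get_global_sam_name()))` block says why that measure can be dropped when `lp_server_role()` returns `ROLE_ACTIVE_DIRECTORY_DC`. In that role the request now falls through to the `if (IS_DC)` lookup, whose body continues outside the hunk, so whether it can end up connecting back to this server cannot be confirmed from the visible lines. I would extend the comment with a line such as `* An AD DC is allowed to resolve its own domain; every other role still refuses, to avoid loopback connects.` and replace `* This makes no sense` with a statement of the reason, for example `* BUILTIN has no domain controller to look up`. As a style point, the single-use `role` local and the padded parentheses could be folded into `if (lp_server_role() != ROLE_ACTIVE_DIRECTORY_DC) {`.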