From 3bf805a38a1b901a55b08118ec04097d9787497c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Mon, 29 Sep 2014 17:16:15 +0200 Subject: [PATCH] s3-net: Force libkrb5 locator to use the same KDC for join and DNS update. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/utils/net_ads.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index e96377f..efbc3d2 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1566,6 +1566,27 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) * If the dns update fails, we still consider the join * operation as succeeded if we came this far. */ + + if (r->out.dns_domain_name != NULL) { + + /* Avoid potential libkrb5 issues finding a good KDC when we + * already found one during the join. When the locator plugin is + * installed (but winbind is not yet running) make sure we can + * force libkrb5 to reuse that KDC. - gd */ + + char *env; + + env = talloc_asprintf_strupper_m(r, + "WINBINDD_LOCATOR_KDC_ADDRESS_%s", + r->out.dns_domain_name); + if (env == NULL) { + return -1; + } + + setenv(env, r->in.ads->auth.kdc_server, 0); + setenv("_NO_WINBINDD", "1", 0); + } + _net_ads_join_dns_updates(c, ctx, r); TALLOC_FREE(r); -- 1.9.3