When authenticating users in a trusted domain, the idmap_ad module
always connects to a local DC instead of one in the trusted domain.
Fix this by passing the correct realm to connect to.
Also Comment parameters passed to ads_cached_connection_connect
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c203c722e7e22f9146f2ecf6f42452c0e82042e4)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10826
Using SFU id mapping fails for users from a trusted domain
}
}
- status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
- password, realm, 0);
+ status = ads_cached_connection_connect(
+ adsp, /* Returns ads struct. */
+ wb_dom->alt_name, /* realm to connect to. */
+ dom_name, /* 'workgroup' name for ads_init */
+ ldap_server, /* DNS name to connect to. */
+ password, /* password for auth realm. */
+ realm, /* realm used for krb5 ticket. */
+ 0); /* renewable ticket time. */
+
SAFE_FREE(realm);
return status;