r18557: If you've set security=ads, do the DNS queries first.

Doing otherwise means site support doesn't work correctly.
Jeremy.
(This used to be commit 06a75f3b935b30c60ab4690634b26cdcd7f02b90)

diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 6fc473283c72eb8bb27f1873a0495ba4b2ad6131..3ba6f422519d5d92617c57e83db65eb673a662c1 100644 (file)
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -832,7 +832,6 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
                return True;
        }
 
-#ifdef WITH_ADS
        if (sec == SEC_ADS) {
                /* We need to make sure we know the local site before
                   doing any DNS queries, as this will restrict the
@@ -843,17 +842,15 @@ static BOOL get_dcs(TALLOC_CTX *mem_ctx, const struct winbindd_domain *domain,
                   We deliberately don't care about the
                   return here. */
                get_dc_name(domain->name, lp_realm(), dcname, &ip);
-        }
-#endif
-
-       /* try standard netbios queries first */
 
-       get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
+               /* Now do the site-specific AD dns lookup. */
+               get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True);
+        }
 
-       /* check for security = ads and use DNS if we can */
+       /* try standard netbios queries if no ADS */
 
-       if ( iplist_size==0 && sec == SEC_ADS ) 
-               get_sorted_dc_list(domain->alt_name, &ip_list, &iplist_size, True);
+       if (iplist_size==0) 
+               get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False);
 
        /* FIXME!! this is where we should re-insert the GETDC requests --jerry */