s3:libads: Also add a realm entry for the domain name

This is required if we try to authenticate as Administrator@DOMAIN so it
can find the KDC. This fixes 'net ads join' for ad_member_fips if we
require Kerberos auth.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit 6444a743525532c70634e2dd4cacadce54ba2eab)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Thu Sep 10 09:42:31 UTC 2020 on sn-devel-184

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 15ed9e933d8089f00561d9053198ed476b825c34..03c7f35a44dba800c18bad792c6c6cf86fdc22e8 100644 (file)
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -726,11 +726,15 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
                            "\tdns_lookup_kdc = true\n\n"
                            "[realms]\n\t%s = {\n"
                            "%s\t}\n"
+                           "\t%s = {\n"
+                           "%s\t}\n"
                            "%s\n",
                            realm_upper,
                            enctypes,
                            realm_upper,
                            kdc_ip_string,
+                           domain,
+                           kdc_ip_string,
                            include_system_krb5);
 
        if (!file_contents) {