s3-winbindd: Use correct realm for trusted domains in idmap child
author Christof Schmitt <cs@samba.org>
Fri, 22 Aug 2014 16:15:59 +0000 (09:15 -0700)
committer Jeremy Allison <jra@samba.org>
Sat, 30 Aug 2014 01:48:12 +0000 (03:48 +0200)
When authenticating users in a trusted domain, the idmap_ad module
always connects to a local DC instead of one in the trusted domain.

Fix this by passing the correct realm to connect to.

Also comment parameters passed to ads_cached_connection_connect.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/winbindd/winbindd_ads.c

index a869ff5314de00853355a2d4551908ae63717238..1da24624fabe948e291773d7778efcc358a4ae45 100644 (file)
@@ -188,8 +188,15 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
                }
        }
 
-       status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
-                                              password, realm, 0);
+       status = ads_cached_connection_connect(
+               adsp,                   /* Returns ads struct. */
+               wb_dom->alt_name,       /* realm to connect to. */
+               dom_name,               /* 'workgroup' name for ads_init */
+               ldap_server,            /* DNS name to connect to. */
+               password,               /* password for auth realm. */
+               realm,                  /* realm used for krb5 ticket. */
+               0);                     /* renewable ticket time. */
+
        SAFE_FREE(realm);
        TALLOC_FREE(ldap_server);
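
Review bot: wb_dom->alt_name is dereferenced as the realm to connect to in the new ads_cached_connection_connect() call, but nothing in the visible context shows that wb_dom was checked for NULL or that alt_name is populated for the domain named by dom_name. Please confirm that the lookup above this hunk returns an error before reaching this call when the domain is unknown or has no realm set, or add that check here, since a NULL or empty connect realm would either crash the idmap child or leave the connection pointed at the wrong DC again. The sixth argument still passes the local realm for the krb5 ticket while the second now names the trusted realm, so the comment on the password argument ("password for auth realm.") would be clearer if it said explicitly that this is the local machine account's realm and not the realm being connected to.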