Fix winbindd_can_contact_domain() on a samba DC.

The check for inbound trusts is invalid when samba is a DC
and has a trust with an active directory domain.

This effectively prevented tusts with an AD domain on a
samba DC from working (unless using "winbindd rpc only"),
because an ads_connect() was never performed. Only the
rpc-based winbindd methods were working properly.

Jerry: Please check!

Michael
(This used to be commit dcd42a1e0642c69348adfaeecef7f7f2f074ac30)

diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 3d9ede3cdf4df2514214f531e4501ba21d2d15c6..d16b7423a176d96e692b5245063ea8ee2ca094e4 100644 (file)
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1398,10 +1398,13 @@ bool winbindd_can_contact_domain( struct winbindd_domain *domain )
        if ( domain->domain_flags & DS_DOMAIN_IN_FOREST )
                return True;    
 
-       /* We cannot contact the domain if it is running AD and
-          we have no inbound trust */
+       /*
+        * On a _member_ server, we cannot contact the domain if it
+        * is running AD and we have no inbound trust.
+        */
 
-       if ( domain->active_directory && 
+       if ( !IS_DC &&
+            domain->active_directory &&
             ((domain->domain_flags&DS_DOMAIN_DIRECT_INBOUND) != DS_DOMAIN_DIRECT_INBOUND) ) 
        {
                DEBUG(10, ("Domain is an AD domain and we have no inbound "