s3:libads: Make sure we can lookup KDCs which are not configured
authorAndreas Schneider <asn@samba.org>
Mon, 1 Apr 2019 14:47:26 +0000 (16:47 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 2 Apr 2019 01:12:10 +0000 (01:12 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/libads/kerberos.c

index c8aa9191c7ee6f307a2a1640da074880b0bebfee..721c3c2a92942b16ca988a18770b35853cf89140 100644 (file)
@@ -677,11 +677,19 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
        }
 #endif
 
+       /*
+        * We are setting 'dns_lookup_kdc' to true, because we want to lookup
+        * KDCs which are not configured via DNS SRV records, eg. if we do:
+        *
+        *     net ads join -Uadmin@otherdomain
+        */
        file_contents =
            talloc_asprintf(fname,
-                           "[libdefaults]\n\tdefault_realm = %s\n"
+                           "[libdefaults]\n"
+                           "\tdefault_realm = %s\n"
                            "%s"
-                           "\tdns_lookup_realm = false\n\n"
+                           "\tdns_lookup_realm = false\n"
+                           "\tdns_lookup_kdc = true\n\n"
                            "[realms]\n\t%s = {\n"
                            "%s\t}\n"
                            "%s\n",
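Review bot: The added `"\tdns_lookup_kdc = true\n\n"` line is written unconditionally into every generated private krb5.conf, while the new comment justifies it only for the cross-realm case (`net ads join -Uadmin@otherdomain`). The comment also does not mention that KDC discovery then depends on DNS SRV answers, which are unauthenticated unless the resolver path is protected. If the preceding `"%s"` argument carries the include of the system krb5.conf (not visible in this hunk), this setting may also take precedence over an administrator's explicit `dns_lookup_kdc = false`, which is worth confirming and documenting. The wording "not configured via DNS SRV records" can be read as the KDCs lacking SRV records, so I would reword it to `Set 'dns_lookup_kdc' so that KDCs of realms not listed in [realms] can still be located via DNS SRV records; note that this trusts DNS for KDC discovery.` The body of create_local_private_krb5_conf_for_domain starts and ends outside the hunk.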