--- samba-4.2.0~rc2/source4/dsdb/samdb/ldb_modules/partition.c.orig 2015-02-11 22:11:49.974052000 +0100 +++ samba-4.2.0~rc2/source4/dsdb/samdb/ldb_modules/partition.c 2015-02-11 22:12:37.218052000 +0100 @@ -528,6 +528,11 @@ static int partition_replicate(struct ld return partition_call_first(ac); } +struct Dict { + char *key; + char *val; +}; + /* search */ static int partition_search(struct ldb_module *module, struct ldb_request *req) { @@ -548,6 +553,8 @@ static int partition_search(struct ldb_m unsigned int i, j; int ret; bool domain_scope = false, phantom_root = false; + struct ldb_result *res; + char * partition_host_domainname; p = find_partition(data, NULL, req); if (p != NULL) { @@ -605,6 +612,16 @@ static int partition_search(struct ldb_m lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), struct loadparm_context); + char *forestdnszones_dn = talloc_asprintf(ac, "DC=ForestDnsZones,%s", ldb_dn_get_linearized(ldb_get_default_basedn(ldb))); + char *forestdnszones_fqdn = talloc_asprintf(ac, "ForestDnsZones.%s", lpcfg_dnsdomain(lp_ctx)); + char *domaindnszones_dn = talloc_asprintf(ac, "DC=DomainDnsZones,%s", ldb_dn_get_linearized(ldb_get_default_basedn(ldb))); + char *domaindnszones_fqdn = talloc_asprintf(ac, "DomainDnsZones.%s", lpcfg_dnsdomain(lp_ctx)); + struct Dict dn_to_fqdn_map[] = { + { forestdnszones_dn, forestdnszones_fqdn }, + { domaindnszones_dn, domaindnszones_fqdn }, + NULL + }; + /* Search from the base DN */ if (ldb_dn_is_null(req->op.search.base)) { if (!phantom_root) { 
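Review bot: `struct Dict` is a very generic name for a file-scope type whose only job is to pair a partition DN string with the DNS name used for its referral, and it has no comment. A name such as `struct partition_referral_host` with `const char *key; const char *val;` would say what it is for, preceded by `/* maps a linearized partition DN to the host name placed in its ldap:// referral */`. The members are only read in the later hunks of this patch, so making them const costs nothing.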
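Review bot: `struct ldb_result *res` is added to partition_search but none of the hunks in this patch use it, so it looks like a leftover that will raise an unused-variable warning; the function body extends beyond these hunks, so confirm before dropping it. `partition_host_domainname` is assigned the result of `lpcfg_dnsdomain(lp_ctx)` in the @@ -681 hunk, which I believe returns `const char *`, so it should be declared `const char *partition_host_domainname;` to avoid discarding the qualifier.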
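Review bot: None of the four `talloc_asprintf()` results is checked, so after an allocation failure a NULL key or value sits in `dn_to_fqdn_map` and, through the @@ -681 hunk, can be passed to `strcasecmp_m()` or formatted into the referral with `%s`; each call should be followed by a check in the style of the existing `if (ref == NULL) { return ldb_oom(ldb); }`. The strings are built on `ac` for every search although they are needed only when a referral is emitted, so they could be built inside that branch instead. The bare `NULL` terminator initializes a third `struct Dict` without braces and is never consulted, because the lookup loop hard-codes `j<2`; either drop it or write `{ NULL, NULL }` and loop until `key == NULL`. These declarations also follow a statement in the middle of partition_search, whose body starts and ends outside this hunk.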
@@ -681,12 +698,23 @@ static int partition_search(struct ldb_m data->partitions[i]->ctrl->dn) == 0) && (ldb_dn_compare(req->op.search.base, data->partitions[i]->ctrl->dn) != 0)) { + + partition_host_domainname = lpcfg_dnsdomain(lp_ctx); + for (j=0; j<2; j++) { + if (strcasecmp_m(ldb_dn_get_linearized(data->partitions[i]->ctrl->dn), dn_to_fqdn_map[j].key) == 0) { + partition_host_domainname = dn_to_fqdn_map[j].val; + break; + } + } + char *ref = talloc_asprintf(ac, "ldap://%s/%s%s", - lpcfg_dnsdomain(lp_ctx), + partition_host_domainname, + // lpcfg_dnsdomain(lp_ctx), ldb_dn_get_linearized(data->partitions[i]->ctrl->dn), req->op.search.scope == LDB_SCOPE_ONELEVEL ? "??base" : ""); + if (ref == NULL) { return ldb_oom(ldb); } --- samba-4.2.0~rc2/source4/dsdb/samdb/ldb_modules/netlogon.c.orig 2015-02-11 22:12:10.518052000 +0100 +++ samba-4.2.0~rc2/source4/dsdb/samdb/ldb_modules/netlogon.c 2015-02-11 22:14:22.950052000 +0100 @@ -71,6 +71,7 @@ NTSTATUS fill_netlogon_samlogon_response const char *server_site; const char *client_site; const char *pdc_ip; + const char *application_fqdn = NULL; struct ldb_dn *domain_dn = NULL; struct interface *ifaces; bool user_known = false, am_rodc = false; 
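Review bot: The lookup loop hard-codes `j<2` instead of taking its bound from `dn_to_fqdn_map`, so a third application partition added to the table would silently be ignored; with the stray `NULL` entry removed from the table, `for (j = 0; j < ARRAY_SIZE(dn_to_fqdn_map); j++)` keeps the two in sync. Matching on linearized DN strings with `strcasecmp_m()` is sensitive to spacing and escaping, whereas the surrounding condition already uses `ldb_dn_compare()` on parsed DNs, which would be the more robust comparison here too. The commented-out `// lpcfg_dnsdomain(lp_ctx),` argument should be deleted rather than left inside the call, and the new statements now precede the `char *ref` declaration, mixing declarations and code in this block.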
@@ -83,8 +84,34 @@ NTSTATUS fill_netlogon_samlogon_response } /* Lookup using long or short domainname */ - if (domain && (strcasecmp_m(domain, lpcfg_dnsdomain(lp_ctx)) == 0)) { - domain_dn = ldb_get_default_basedn(sam_ctx); + domain_dn = ldb_get_default_basedn(sam_ctx); + if (domain) { + if (strcasecmp_m(domain, lpcfg_dnsdomain(lp_ctx)) == 0) { + domain_dn = ldb_get_default_basedn(sam_ctx); + } else { + application_fqdn = talloc_asprintf(mem_ctx, "ForestDnsZones.%s", + lpcfg_dnsdomain(lp_ctx)); + if (domain && (strcasecmp_m(domain, application_fqdn) == 0)) { + domain_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx)); + NT_STATUS_HAVE_NO_MEMORY(domain_dn); + if (!ldb_dn_add_child_fmt(domain_dn, "DC=ForestDnsZones")) { + return NT_STATUS_NO_MEMORY; + } + } else { + talloc_free(application_fqdn); + application_fqdn = talloc_asprintf(mem_ctx, "DomainDnsZones.%s", + lpcfg_dnsdomain(lp_ctx)); + if (domain && (strcasecmp_m(domain, application_fqdn) == 0)) { + domain_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx)); + NT_STATUS_HAVE_NO_MEMORY(domain_dn); + if (!ldb_dn_add_child_fmt(domain_dn, "DC=DomainDnsZones")) { + return NT_STATUS_NO_MEMORY; + } + } else { + talloc_free(application_fqdn); + } + } + } } if (netbios_domain && (strcasecmp_m(netbios_domain, lpcfg_sam_name(lp_ctx)) == 0)) { domain_dn = ldb_get_default_basedn(sam_ctx); @@ -274,6 +301,17 @@ NTSTATUS fill_netlogon_samlogon_response NT_STATUS_HAVE_NO_MEMORY(pdc_dns_name); flatname = lpcfg_workgroup(lp_ctx); + if (application_fqdn) { + if (!(version & NETLOGON_NT_VERSION_PDC)) { + dns_domain = application_fqdn; + server_type = DS_SERVER_NDNC; + server_type |= DS_SERVER_WRITABLE; + server_type |= DS_SERVER_LDAP; + } else { + DEBUG(2,("DEBUG: netlogon application_fqdn NETLOGON_NT_VERSION_PDC\n")); + } + } + server_site = samdb_server_site_name(sam_ctx, mem_ctx); NT_STATUS_HAVE_NO_MEMORY(server_site); client_site = samdb_client_site_name(sam_ctx, mem_ctx, 
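Review bot: In the innermost `else` branch `application_fqdn` is freed but not reset, so for any `domain` that matches none of the three names it remains a dangling non-NULL pointer; the later hunks then take the `if (application_fqdn)` path, copy the freed pointer into `dns_domain` and skip the `domain_name` assignments. Add `application_fqdn = NULL;` directly after that final `talloc_free(application_fqdn);`. The new unconditional `domain_dn = ldb_get_default_basedn(sam_ctx);` in front of `if (domain)` also means an unknown domain name no longer leaves `domain_dn` NULL, so any not-found handling further down that depends on it (outside this hunk) would be bypassed and the request answered as if it were for the local domain; `domain_dn` should stay NULL until a name actually matches. Neither `talloc_asprintf()` result is checked before it reaches `strcasecmp_m()`; `NT_STATUS_HAVE_NO_MEMORY(application_fqdn);` matches the style already used for `domain_dn` here.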
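Review bot: `server_type = DS_SERVER_NDNC;` replaces whatever flags were accumulated in `server_type` before this point (that code is outside the hunk), so the reply for an application partition loses them; if the intent is to add the NDNC bit, write `server_type |= DS_SERVER_NDNC | DS_SERVER_WRITABLE | DS_SERVER_LDAP;`, and if the reset is deliberate, say why in a comment. Setting `DS_SERVER_WRITABLE` unconditionally also appears to ignore `am_rodc`, which this function declares. When `NETLOGON_NT_VERSION_PDC` is set the branch only logs, yet `application_fqdn` stays set, so the later `domain_name` assignments are still skipped for that request; the `DEBUG(2, ...)` text should describe that situation rather than start with `DEBUG:`.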
@@ -309,7 +347,9 @@ NTSTATUS fill_netlogon_samlogon_response } netlogon->data.nt5_ex.pdc_name = pdc_name; netlogon->data.nt5_ex.user_name = user; - netlogon->data.nt5_ex.domain_name = flatname; + if (!application_fqdn) { + netlogon->data.nt5_ex.domain_name = flatname; + } netlogon->data.nt5_ex.domain_uuid = domain_uuid; netlogon->data.nt5_ex.forest = forest_domain; netlogon->data.nt5_ex.dns_domain = dns_domain; @@ -339,7 +379,9 @@ NTSTATUS fill_netlogon_samlogon_response } netlogon->data.nt5.pdc_name = pdc_name; netlogon->data.nt5.user_name = user; - netlogon->data.nt5.domain_name = flatname; + if (!application_fqdn) { + netlogon->data.nt5.domain_name = flatname; + } netlogon->data.nt5.domain_uuid = domain_uuid; netlogon->data.nt5.forest = forest_domain; netlogon->data.nt5.dns_domain = dns_domain; @@ -360,7 +402,9 @@ NTSTATUS fill_netlogon_samlogon_response } netlogon->data.nt4.pdc_name = pdc_name; netlogon->data.nt4.user_name = user; - netlogon->data.nt4.domain_name = flatname; + if (!application_fqdn) { + netlogon->data.nt4.domain_name = flatname; + } netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1; netlogon->data.nt4.lmnt_token = 0xFFFF; netlogon->data.nt4.lm20_token = 0xFFFF;
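Review bot: When `application_fqdn` is set, `netlogon->data.nt5_ex.domain_name` is never assigned at all, and the same pattern repeats for `nt5.domain_name` and `nt4.domain_name` in the next two hunks. Whether the field is then NULL or uninitialized depends on how `netlogon` was prepared, which is not visible here, so the value sent in the reply is left to chance. Give it an explicit value instead, for example `} else { netlogon->data.nt5_ex.domain_name = ""; }` if an empty name is what the application-partition reply should carry, and add a one-line comment above the `if` saying why the flat name is withheld.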