From a72150272091a0ffb86cf1745814c297a2f83510 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 28 Aug 2014 13:53:26 -0700
Subject: [PATCH] s3-winbindd: Use correct realm for trusted domains in idmap
 child

When authenticating users in a trusted domain, the idmap_ad module
always connects to a local DC instead of one in the trusted domain.

Fix this by passing the correct realm to connect to.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 source3/winbindd/winbindd_ads.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a869ff5..c247ae0 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -188,8 +188,13 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
 		}
 	}
 
-	status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
-					       password, realm, 0);
+	status = ads_cached_connection_connect(adsp, /* Returns ads struct. */
+			wb_dom->alt_name, /* realm to connect to. */
+			dom_name,	  /* 'workgroup' name for ads_init */
+			ldap_server,	  /* DNS name to connect to. */
+			password,	  /* password for auth realm. */
+			realm,		  /* realm used for krb5 ticket. */
+			0);		  /* renewable ticket time. */
 	SAFE_FREE(realm);
 	TALLOC_FREE(ldap_server);
 
-- 
2.1.0.rc2.206.gedb03e5