From 289c633685774e15b9298391e46d4149401bdc24 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 2 Feb 2018 21:06:38 +0100
Subject: [PATCH] provision: fix the 'dnsdomain' for the local sam of a domain
 member

A member has a local AD database, which should not use the 'dnsdomain'
as the one on domain controllers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13285

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b02de5ad3e04babe1565868c69422cfc778458d9)
---
 python/samba/provision/__init__.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 2a926bbecf2..558587c3124 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -654,6 +654,22 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
     if domain == realm and not domain_names_forced:
         raise ProvisioningError("guess_names: Realm '%s' must not be equal to short domain name '%s'!" % (realm, domain))
 
+    if serverrole != "active directory domain controller":
+        #
+        # This is the code path for a domain member
+        # where we provision the database as if we where
+        # on a domain controller, so we should not use
+        # the same dnsdomain as the domain controllers
+        # of our primary domain.
+        #
+        # This will be important if we start doing
+        # SID/name filtering and reject the local
+        # sid and names if they come from a domain
+        # controller.
+        #
+        realm = netbiosname
+        dnsdomain = netbiosname.lower()
+
     if rootdn is None:
        rootdn = domaindn
 
-- 
2.13.6