When we are no longer the natgw master, dont put the natgw ip on loopback.

We put the ip on loopback just to make sure we would still interoperate with
non-standard configurations on unix-KDC, that are configured to verify the optional
HostAddresses field.
This is not required for AD, since AD does not use this field, and is replaced in
unix land with other/better mechanisms than this "dodgy" check.

This makes it "easier" for applications that have bound to the natgw address
to detect a socket problem and try to reconnect/recover if the ip address
is completely missing from the system.

At the same time, use the winbind specific hook that exists to explicitely tell winbindd : this address is gone, so if you have bound to it, this is a good time to close and rebind your socket.

cq 1020333

(This used to be ctdb commit 0da94869d2912b2a412ba3fbd2137d88ce4e4389)

ctdb/config/events.d/11.natgw

@@ -91,8 +91,10 @@ case "$1" in
 		# We do this so that the ip address will exist on a
 		# non-loopback interface so that samba may send it along in the
 		# KDC requests.
-		ip addr add $CTDB_NATGW_PUBLIC_IP_HOST dev lo scope host
 		ip route add 0.0.0.0/0 via $NATGWIP metric 10
+		# Make sure winbindd does not stay bound to this address
+		# if we are no longer natgwmaster
+		smbcontrol winbindd ip-dropped $CTDB_NATGW_PUBLIC_IP >/dev/null 2>/dev/null
 	fi
 
 	# flush our route cache