selftest: use dns_lookup_* = true in krb5.conf

We only need to specify explicit entries for the local realm
in order to provision the server.

Everything else is handled by real dns or faked dns via resolv wrapper.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

selftest/target/Samba.pm

@@ -77,7 +77,7 @@ sub nss_wrapper_winbind_so_path($) {
 
 sub mk_krb5_conf($$)
 {
-	my ($ctx, $other_realms_stanza) = @_;
+	my ($ctx) = @_;
 
 	unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
 	        warn("can't open $ctx->{krb5_conf}$?");
@@ -93,15 +93,14 @@ sub mk_krb5_conf($$)
 
 [libdefaults]
  default_realm = $ctx->{realm}
- dns_lookup_realm = false
- dns_lookup_kdc = false
+ dns_lookup_realm = true
+ dns_lookup_kdc = true
  ticket_lifetime = 24h
  forwardable = yes
  allow_weak_crypto = yes
 
 [realms]
  $our_realms_stanza
- $other_realms_stanza
 ";
 
 

selftest/target/Samba4.pm

@@ -697,7 +697,7 @@ sub provision_raw_step1($$)
 		$ctx->{kdc_ipv6} = $ctx->{ipv6};
 	}
 
-	Samba::mk_krb5_conf($ctx, "");
+	Samba::mk_krb5_conf($ctx);
 
 	open(PWD, ">$ctx->{nsswrap_passwd}");
 	if ($ctx->{unix_uid} != 0) {
@@ -1388,17 +1388,7 @@ sub provision_subdom_dc($$$)
 		return undef;
 	}
 
-        # This ensures we share the krb5.conf with the main DC, so
-        # they can find each other.  Sadly only works between 'dc' and
-        # 'subdom_dc', the other DCs won't see it
-
-        my $dc_realms = Samba::mk_realms_stanza($dcvars->{REALM}, lc($dcvars->{REALM}),
-                                                $dcvars->{DOMAIN}, $dcvars->{SERVER_IP});
-
-        $ret->{KRB5_CONFIG} = $dcvars->{KRB5_CONFIG};
-        $ctx->{krb5_conf} = $dcvars->{KRB5_CONFIG};
-
-	Samba::mk_krb5_conf($ctx, $dc_realms);
+	Samba::mk_krb5_conf($ctx);
 
 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
 	my $cmd = "";