diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 107595c64aa..90be0434c36 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -2466,7 +2466,7 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context, /* w2k8r2 sometimes gives us a kvno of 255 for inter-domain trust tickets. We don't yet know what this means, but we do seem to need to treat it as unspecified */ - if (flags & SDB_F_KVNO_SPECIFIED) { + if (flags & (SDB_F_KVNO_SPECIFIED|SDB_F_RODC_NUMBER_SPECIFIED)) { krbtgt_number = SAMBA_KVNO_GET_KRBTGT(kvno); if (kdc_db_ctx->rodc) { if (krbtgt_number != kdc_db_ctx->my_krbtgt_number) { diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h index cc04039ac6d..820648a0698 100644 --- a/source4/kdc/sdb.h +++ b/source4/kdc/sdb.h @@ -134,8 +134,9 @@ struct sdb_entry { SDB_F_ARMOR_PRINCIPAL| \ SDB_F_USER2USER_PRINCIPAL) -/* This is not supported by HDB */ +/* These are not supported by HDB */ #define SDB_F_FORCE_CANON 16384 /* force canonicalization */ +#define SDB_F_RODC_NUMBER_SPECIFIED 32768 /* we want a particular RODC number */ void sdb_key_free(struct sdb_key *key); void sdb_keys_free(struct sdb_keys *keys);