Correct generated krb5.conf file to actually find own realm

0002-samba-tool-create-working-private-krb5.conf.patch

@@ -0,0 +1,42 @@
+From 5a084994144704a6c146b94f8a22cf57ce08deab Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Mon, 7 Oct 2019 18:24:28 +0300
+Subject: [PATCH] samba-tool: create working private krb5.conf
+
+DNS update tool uses private krb5.conf which should have enough details
+to authenticate with GSS-TSIG when running nsupdate.
+
+Unfortunately, the configuration we provide is not enough. We set
+defaults to not lookup REALM via DNS but at the same time we don't
+provide any realm definition. As result, MIT Kerberos cannot actually
+find a working realm for Samba AD deployment because it cannot query DNS
+for a realm discovery or pick it up from the configuration.
+
+Extend private krb5.conf with a realm definition that will allow MIT
+Kerberos to look up KDC over DNS.
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source4/setup/krb5.conf | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/source4/setup/krb5.conf b/source4/setup/krb5.conf
+index b1bf6cf907d..ad6f2818fb5 100644
+--- a/source4/setup/krb5.conf
++++ b/source4/setup/krb5.conf
+@@ -2,3 +2,11 @@
+ 	default_realm = ${REALM}
+ 	dns_lookup_realm = false
+ 	dns_lookup_kdc = true
++
++[realms]
++${REALM} = {
++	default_domain = ${DNSDOMAIN}
++}
++
++[domain_realm]
++	${HOSTNAME} = ${REALM}
+-- 
+2.21.0
+

samba.spec

@@ -121,6 +121,7 @@ Source201:      README.downgrade
 Patch0:         pidl.patch
 Patch100:       0000-use-gnutls-for-des-cbc.patch
 Patch101:       0001-handle-removal-des-enctypes-from-krb5.patch
+Patch102:       0002-samba-tool-create-working-private-krb5.conf.patch
 
 Requires(pre): /usr/sbin/groupadd
 Requires(post): systemd