summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2017-03-22 11:16:47 +0100
committerAndreas Schneider <asn@cryptomilk.org>2017-08-07 15:20:03 +0200
commita6ad56cfa9dfc7488dd328aa752ddd96154f0362 (patch)
tree4832431b5520f0237419b6fbfb732fa29b1a3726
parent690c5e6f36e343f709715214e2368bcb7e67e0fb (diff)
downloadsamba-a6ad56cfa9dfc7488dd328aa752ddd96154f0362.tar.gz
s4:auth: use "sam winbind" for the netlogon server
This adds authentication support for trusted domains to the netlogon server. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r--source4/auth/ntlm/auth.c11
1 files changed, 4 insertions, 7 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 9aa94bf541e..3424e503b3e 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -840,14 +840,11 @@ _PUBLIC_ NTSTATUS auth_context_create_for_netlogon(TALLOC_CTX *mem_ctx,
DBG_NOTICE("using deprecated 'auth methods' values.\n");
} else {
/*
- * We can remove "winbind_rodc sam_failtrusts",
- * when we made the netlogon retries to
- * to contact winbind via irpc.
+ * Here we only allow 'sam winbind' instead of
+ * the 'anonymous sam winbind sam_ignoredomain'
+ * we typically use for authentication from clients.
*/
- _auth_methods = str_list_make(mem_ctx,
- "sam "
- "winbind_rodc sam_failtrusts",
- NULL);
+ _auth_methods = str_list_make(mem_ctx, "sam winbind", NULL);
if (_auth_methods == NULL) {
return NT_STATUS_NO_MEMORY;
}