diff options
author | Volker Lendecke <vl@samba.org> | 2017-02-19 15:37:51 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-04-10 05:04:03 +0200 |
commit | 56df7cf3d95dd3de9b6e3d581cbc8d3663817b7f (patch) | |
tree | 951e59f61118d2f3a00db92732a6a167b5ae9058 /source3/auth | |
parent | 45227b301fba492edfb57fb52e66564c1ee2de6b (diff) | |
download | samba-56df7cf3d95dd3de9b6e3d581cbc8d3663817b7f.tar.gz |
auth3: fallback to "sam_ignoredomain" in make_auth3_context_for_ntlm()
This is in the spirit of the "map untrusted to domain" parameter: We
fall back to the local SAM when we get a non-authoritative NO_SUCH_USER
from our domain controller. With this change we can implement
"map untrusted to domain = auto".
We should not strictly need 'sam' before 'winbind', but it makes
it clearer to read and has the same effect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 10 05:04:03 CEST 2017 on sn-devel-144
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 2c92140194d..ba6245d6210 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -526,17 +526,17 @@ NTSTATUS make_auth3_context_for_ntlm(TALLOC_CTX *mem_ctx, switch (lp_server_role()) { case ROLE_DOMAIN_MEMBER: DEBUG(5,("Making default auth method list for server role = 'domain member'\n")); - methods = "guest sam winbind:ntdomain"; + methods = "guest sam winbind:ntdomain sam_ignoredomain"; break; case ROLE_DOMAIN_BDC: case ROLE_DOMAIN_PDC: DEBUG(5,("Making default auth method list for DC\n")); - methods = "guest sam winbind:trustdomain"; + methods = "guest sam winbind:trustdomain sam_ignoredomain"; break; case ROLE_STANDALONE: DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n")); if (lp_encrypt_passwords()) { - methods = "guest sam"; + methods = "guest sam_ignoredomain"; } else { DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n")); methods = "guest unix"; |