author: Stefan Metzmacher <metze@samba.org> 2017-03-17 14:54:16 +0100
committer: Stefan Metzmacher <metze@samba.org> 2017-03-24 11:57:10 +0100
commit: ae2454c5be4a8314e504e65d46d1caaeff36fb31
tree: d715432f6a9ccee518301bf33cba6477ec27239a /source4/auth
parent: 83dd7d033b8dc902f4ba3dbf733c7bfb079900f1
auth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth methods as AD_DC

Currently we always map any incoming domain to our own domain in map_user_info_cracknames(), so that the winbind module is never used at all, e.g. we're DC of W4EDOM-L4.BASE with a forest trust to W2012R2-L4.BASE:

    [2017/03/22 10:09:54.268472, 3, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
      auth_check_password_send: Checking password for unmapped user [W2012R2-L4]\[administrator]@[UB1404-163]
    [2017/03/22 10:09:54.268496, 5, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth_util.c:57(map_user_info_cracknames)
      map_user_info_cracknames: Mapping user [W2012R2-L4]\[administrator] from workstation [UB1404-163]
      auth_check_password_send: mapped user is: [W4EDOM-L4]\[administrator]@[UB1404-163]

That means the only condition in which "sam_ignoredomain" returns NT_STATUS_NOT_IMPLEMENTED is the RODC case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Diffstat (limited to 'source4/auth')
-rw-r--r-- source4/auth/ntlm/auth.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 1b7faee3dbc..26025dcc240 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -619,7 +619,7 @@ const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *
case ROLE_DOMAIN_BDC:
case ROLE_DOMAIN_PDC:
case ROLE_ACTIVE_DIRECTORY_DC:
- auth_methods = str_list_make(mem_ctx, "anonymous sam_ignoredomain winbind", NULL);
+ auth_methods = str_list_make(mem_ctx, "anonymous sam_ignoredomain winbind_rodc", NULL);
break;
}
return discard_const_p(const char *, auth_methods);
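
Review bot: The changed str_list_make() line sits in a case arm shared by ROLE_DOMAIN_BDC, ROLE_DOMAIN_PDC and ROLE_ACTIVE_DIRECTORY_DC, while the commit message only argues the AD_DC case, so the switch from "winbind" to "winbind_rodc" also changes the default method list for the two classic domain controller roles. Please either state in the commit message that the map_user_info_cracknames() reasoning holds for those roles as well, or give ROLE_ACTIVE_DIRECTORY_DC its own arm. A short comment above the string noting that the last method is only reached when "sam_ignoredomain" returns NT_STATUS_NOT_IMPLEMENTED (the RODC case) would keep the reason for the name next to the code.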