diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-06-17 01:06:46 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-08-07 15:20:03 +0200 |
commit | b88f9384b01d91e6060cd806e03fe9c90cbdbcf1 (patch) | |
tree | 51ca75a8750625def667756e788c309899c7498e /source4/auth | |
parent | a6ad56cfa9dfc7488dd328aa752ddd96154f0362 (diff) | |
download | samba-b88f9384b01d91e6060cd806e03fe9c90cbdbcf1.tar.gz |
s4:auth/ntlmssp: add support for using "winbind" as DC
This adds support for trusted domains to the auth stack on AD DCs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/ntlm/auth.c | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 3424e503b3e..56c1bcfd3d4 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -768,25 +768,10 @@ const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context * auth_methods = str_list_make(mem_ctx, "anonymous sam_ignoredomain", NULL); break; case ROLE_DOMAIN_MEMBER: - auth_methods = str_list_make(mem_ctx, "anonymous sam winbind sam_ignoredomain", NULL); - break; case ROLE_DOMAIN_BDC: case ROLE_DOMAIN_PDC: case ROLE_ACTIVE_DIRECTORY_DC: - /* - * TODO: we should replace "winbind_rodc sam_failtrusts" with "winbind" - * if everything (gensec/auth4) is fully async without nested - * event loops! - * - * But for now we'll fail authentications for trusted - * domain consistently with NT_STATUS_NO_TRUST_LSA_SECRET, - * instead of silently mapping to local users. - */ - auth_methods = str_list_make(mem_ctx, - "anonymous sam " - "winbind_rodc sam_failtrusts " - "sam_ignoredomain", - NULL); + auth_methods = str_list_make(mem_ctx, "anonymous sam winbind sam_ignoredomain", NULL); break; } return discard_const_p(const char *, auth_methods); |