s4:auth: use "sam winbind" for the netlogon server

This adds authentication support for trusted domains to the netlogon server. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2017-03-22 11:16:47 +0100
committer: Andreas Schneider <asn@cryptomilk.org> 2017-08-07 15:20:03 +0200
commit: a6ad56cfa9dfc7488dd328aa752ddd96154f0362 (patch)
tree: 4832431b5520f0237419b6fbfb732fa29b1a3726 /source4
parent: 690c5e6f36e343f709715214e2368bcb7e67e0fb (diff)
download: samba-a6ad56cfa9dfc7488dd328aa752ddd96154f0362.tar.gz
1 files changed, 4 insertions, 7 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 9aa94bf541e..3424e503b3e 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -840,14 +840,11 @@ _PUBLIC_ NTSTATUS auth_context_create_for_netlogon(TALLOC_CTX *mem_ctx,
 		DBG_NOTICE("using deprecated 'auth methods' values.\n");
 	} else {
 		/*
-		 * We can remove "winbind_rodc sam_failtrusts",
-		 * when we made the netlogon retries to
-		 * to contact winbind via irpc.
+		 * Here we only allow 'sam winbind' instead of
+		 * the 'anonymous sam winbind sam_ignoredomain'
+		 * we typically use for authentication from clients.
 		 */
-		_auth_methods = str_list_make(mem_ctx,
-				"sam "
-				"winbind_rodc sam_failtrusts",
-				NULL);
+		_auth_methods = str_list_make(mem_ctx, "sam winbind", NULL);
 		if (_auth_methods == NULL) {
 			return NT_STATUS_NO_MEMORY;
 		}
author	Stefan Metzmacher <metze@samba.org>	2017-03-22 11:16:47 +0100
committer	Andreas Schneider <asn@cryptomilk.org>	2017-08-07 15:20:03 +0200
commit	a6ad56cfa9dfc7488dd328aa752ddd96154f0362 (patch)
tree	4832431b5520f0237419b6fbfb732fa29b1a3726 /source4
parent	690c5e6f36e343f709715214e2368bcb7e67e0fb (diff)
download	samba-a6ad56cfa9dfc7488dd328aa752ddd96154f0362.tar.gz