From 56df7cf3d95dd3de9b6e3d581cbc8d3663817b7f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 19 Feb 2017 15:37:51 +0100 Subject: [PATCH] auth3: fallback to "sam_ignoredomain" in make_auth3_context_for_ntlm() This is in the spirit of the "map untrusted to domain" parameter: We fall back to the local SAM when we get a non-authoritative NO_SUCH_USER from our domain controller. With this change we can implement "map untrusted to domain = auto". We should not strictly need 'sam' before 'winbind', but it makes it clearer to read and has the same effect. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Apr 10 05:04:03 CEST 2017 on sn-devel-144 --- source3/auth/auth.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 2c92140194d..ba6245d6210 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -526,17 +526,17 @@ NTSTATUS make_auth3_context_for_ntlm(TALLOC_CTX *mem_ctx, switch (lp_server_role()) { case ROLE_DOMAIN_MEMBER: DEBUG(5,("Making default auth method list for server role = 'domain member'\n")); - methods = "guest sam winbind:ntdomain"; + methods = "guest sam winbind:ntdomain sam_ignoredomain"; break; case ROLE_DOMAIN_BDC: case ROLE_DOMAIN_PDC: DEBUG(5,("Making default auth method list for DC\n")); - methods = "guest sam winbind:trustdomain"; + methods = "guest sam winbind:trustdomain sam_ignoredomain"; break; case ROLE_STANDALONE: DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n")); if (lp_encrypt_passwords()) { - methods = "guest sam"; + methods = "guest sam_ignoredomain"; } else { DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n")); methods = "guest unix"; -- 2.11.4.GIT