From a6ad56cfa9dfc7488dd328aa752ddd96154f0362 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 22 Mar 2017 11:16:47 +0100 Subject: [PATCH] s4:auth: use "sam winbind" for the netlogon server This adds authentication support for trusted domains to the netlogon server. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source4/auth/ntlm/auth.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 9aa94bf541e..3424e503b3e 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -840,14 +840,11 @@ _PUBLIC_ NTSTATUS auth_context_create_for_netlogon(TALLOC_CTX *mem_ctx, DBG_NOTICE("using deprecated 'auth methods' values.\n"); } else { /* - * We can remove "winbind_rodc sam_failtrusts", - * when we made the netlogon retries to - * to contact winbind via irpc. + * Here we only allow 'sam winbind' instead of + * the 'anonymous sam winbind sam_ignoredomain' + * we typically use for authentication from clients. */ - _auth_methods = str_list_make(mem_ctx, - "sam " - "winbind_rodc sam_failtrusts", - NULL); + _auth_methods = str_list_make(mem_ctx, "sam winbind", NULL); if (_auth_methods == NULL) { return NT_STATUS_NO_MEMORY; } -- 2.11.4.GIT