author | Andrew Bartlett <abartlet@samba.org> | 2012-06-11 10:51:47 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-06-15 09:18:33 +0200 |
commit | 60b63482441deee2d6db523bd295caf21af187ad (patch) | |
tree | 9ef90f6b7cc108480c757374f0246381012e856d | |
parent | 67bdf4fa11f097144a831b51c424bdac3618a927 (diff) | |
s3-auth: rework default auth methods around the lp_server_role() parameter
To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER
is mapped to the samba4 auth module, and this is no longer required to
be specified in fileserver.conf.
Andrew Bartlett
-rw-r--r-- | file_server/file_server.c | 1 | ||||
-rw-r--r-- | source3/auth/auth.c | 40 |
2 files changed, 23 insertions, 18 deletions
diff --git a/file_server/file_server.c b/file_server/file_server.c
index 9f43ebbe75..46969f3920 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -49,7 +49,6 @@ static const char *generate_smb_conf(struct task_server *task)
 }
 fdprintf(fd, "# auto-generated config for fileserver\n");
- fdprintf(fd, "auth methods = samba4\n");
 fdprintf(fd, "passdb backend = samba4\n");
 fdprintf(fd, "rpc_server:default = external\n");
 fdprintf(fd, "rpc_server:svcctl = embedded\n");
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 4fc54bed37..671319347f 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -486,35 +486,41 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx, } if (auth_method_list == NULL) { - switch (lp_security()) + switch (lp_server_role()) { - case SEC_DOMAIN: - case SEC_ADS: - DEBUG(5,("Making default auth method list for security=domain and security=ads\n")); + case ROLE_DOMAIN_MEMBER: + DEBUG(5,("Making default auth method list for server role = 'domain member'\n")); auth_method_list = str_list_make_v3( talloc_tos(), "guest sam winbind:ntdomain", NULL); break; - case SEC_USER: - if (lp_encrypted_passwords()) { - if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) { - DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make_v3( - talloc_tos(), - "guest sam winbind:trustdomain", - NULL); - } else { - DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make_v3( + case ROLE_DOMAIN_BDC: + case ROLE_DOMAIN_PDC: + DEBUG(5,("Making default auth method list for DC\n")); + auth_method_list = str_list_make_v3( + talloc_tos(), + "guest sam winbind:trustdomain", + NULL); + break; + case ROLE_STANDALONE: + DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n")); + if (lp_encrypted_passwords()) { + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam", NULL); - } } else { - DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n")); + DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n")); auth_method_list = str_list_make_v3( talloc_tos(), "guest unix", NULL); } break; + case ROLE_ACTIVE_DIRECTORY_DC: + DEBUG(5,("Making default auth method list for server role = 'active directory domain controller'\n")); + auth_method_list = str_list_make_v3( + talloc_tos(), + "samba4", + NULL); + break; default: DEBUG(5,("Unknown auth 
method!\n")); return NT_STATUS_UNSUCCESSFUL; |
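Review bot: In the `ROLE_STANDALONE` case the DEBUG line ending in `encrypt passwords = yes\n` sits before `if (lp_encrypted_passwords())`, so a server running with encrypt passwords = no logs the "yes" message, then the "no" message, and actually selects `"guest unix"`; move that DEBUG inside the `if` branch so the log names the list that was really chosen. The `ROLE_DOMAIN_BDC`/`ROLE_DOMAIN_PDC` case also no longer consults `lp_encrypted_passwords()`, whereas the removed code chose `"guest unix"` for any security=user server with encryption off; if that is intended, a short comment such as `/* DCs always use the sam backend; encrypt passwords is not consulted */` would record it. The unchanged `default:` branch still reports "Unknown auth method!" at level 5 although the switch is now on the server role, and something like `DEBUG(0,("Unknown server role %d\n", lp_server_role()));` would make a refused configuration visible at normal log levels. The body of make_auth_context_subsystem starts and ends outside this hunk, so whether the result of `str_list_make_v3()` is checked afterwards cannot be seen here.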