authorAndrew Bartlett <abartlet@samba.org>2012-06-11 10:51:47 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-06-15 09:18:33 +0200
commit60b63482441deee2d6db523bd295caf21af187ad (patch)
tree9ef90f6b7cc108480c757374f0246381012e856d
parent67bdf4fa11f097144a831b51c424bdac3618a927 (diff)
s3-auth: rework default auth methods around the lp_server_role() parameter
To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER is mapped to the samba4 auth module, and this is no longer required to be specified in fileserver.conf. Andrew Bartlett
-rw-r--r--file_server/file_server.c1
-rw-r--r--source3/auth/auth.c40
2 files changed, 23 insertions, 18 deletions
diff --git a/file_server/file_server.c b/file_server/file_server.c
index 9f43ebbe75..46969f3920 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -49,7 +49,6 @@ static const char *generate_smb_conf(struct task_server *task)
}
fdprintf(fd, "# auto-generated config for fileserver\n");
- fdprintf(fd, "auth methods = samba4\n");
fdprintf(fd, "passdb backend = samba4\n");
fdprintf(fd, "rpc_server:default = external\n");
fdprintf(fd, "rpc_server:svcctl = embedded\n");
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 4fc54bed37..671319347f 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -486,35 +486,41 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
}
if (auth_method_list == NULL) {
- switch (lp_security())
+ switch (lp_server_role())
{
- case SEC_DOMAIN:
- case SEC_ADS:
- DEBUG(5,("Making default auth method list for security=domain and security=ads\n"));
+ case ROLE_DOMAIN_MEMBER:
+ DEBUG(5,("Making default auth method list for server role = 'domain member'\n"));
auth_method_list = str_list_make_v3(
talloc_tos(), "guest sam winbind:ntdomain",
NULL);
break;
- case SEC_USER:
- if (lp_encrypted_passwords()) {
- if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
- DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
- auth_method_list = str_list_make_v3(
- talloc_tos(),
- "guest sam winbind:trustdomain",
- NULL);
- } else {
- DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
- auth_method_list = str_list_make_v3(
+ case ROLE_DOMAIN_BDC:
+ case ROLE_DOMAIN_PDC:
+ DEBUG(5,("Making default auth method list for DC\n"));
+ auth_method_list = str_list_make_v3(
+ talloc_tos(),
+ "guest sam winbind:trustdomain",
+ NULL);
+ break;
+ case ROLE_STANDALONE:
+ DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n"));
+ if (lp_encrypted_passwords()) {
+ auth_method_list = str_list_make_v3(
talloc_tos(), "guest sam",
NULL);
- }
} else {
- DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
+ DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n"));
auth_method_list = str_list_make_v3(
talloc_tos(), "guest unix", NULL);
}
break;
+ case ROLE_ACTIVE_DIRECTORY_DC:
+ DEBUG(5,("Making default auth method list for server role = 'active directory domain controller'\n"));
+ auth_method_list = str_list_make_v3(
+ talloc_tos(),
+ "samba4",
+ NULL);
+ break;
default:
DEBUG(5,("Unknown auth method!\n"));
return NT_STATUS_UNSUCCESSFUL;
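Review bot: In the `ROLE_STANDALONE` case the "encrypt passwords = yes" `DEBUG(5, ...)` now sits before `if (lp_encrypted_passwords())`, so it is logged even when the `else` branch selects `guest unix`. The log then reports both "yes" and "no" for the same decision. Move that `DEBUG` call inside the `if` branch, next to the `"guest sam"` assignment, so the trace matches the auth backend list actually chosen. The `default:` message `"Unknown auth method!\n"` is also stale now that the switch is on `lp_server_role()`; something like `DEBUG(5,("Unknown server role!\n"));` would describe the failure correctly. Separately, the PDC/BDC cases no longer consult `lp_encrypted_passwords()`, so a DC with it disabled appears to get `guest sam winbind:trustdomain` where the old code chose `guest unix`; if that is intended, the commit message should say so. `make_auth_context_subsystem` begins and continues outside this hunk, so whether the `str_list_make_v3()` result is NULL-checked afterwards cannot be seen here.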