summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-06-11 10:51:47 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-06-15 09:18:33 +0200
commit60b63482441deee2d6db523bd295caf21af187ad (patch)
tree9ef90f6b7cc108480c757374f0246381012e856d /source3
parent67bdf4fa11f097144a831b51c424bdac3618a927 (diff)
downloadsamba-60b63482441deee2d6db523bd295caf21af187ad.tar.gz
samba-60b63482441deee2d6db523bd295caf21af187ad.tar.bz2
samba-60b63482441deee2d6db523bd295caf21af187ad.zip
s3-auth: rework default auth methods around the lp_server_role() parameter
To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER is mapped to the samba4 auth module, and this is no longer required to be specified in fileserver.conf. Andrew Bartlett
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth.c40
1 files changed, 23 insertions, 17 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 4fc54bed37..671319347f 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -486,35 +486,41 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
}
if (auth_method_list == NULL) {
- switch (lp_security())
+ switch (lp_server_role())
{
- case SEC_DOMAIN:
- case SEC_ADS:
- DEBUG(5,("Making default auth method list for security=domain and security=ads\n"));
+ case ROLE_DOMAIN_MEMBER:
+ DEBUG(5,("Making default auth method list for server role = 'domain member'\n"));
auth_method_list = str_list_make_v3(
talloc_tos(), "guest sam winbind:ntdomain",
NULL);
break;
- case SEC_USER:
- if (lp_encrypted_passwords()) {
- if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
- DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
- auth_method_list = str_list_make_v3(
- talloc_tos(),
- "guest sam winbind:trustdomain",
- NULL);
- } else {
- DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
- auth_method_list = str_list_make_v3(
+ case ROLE_DOMAIN_BDC:
+ case ROLE_DOMAIN_PDC:
+ DEBUG(5,("Making default auth method list for DC\n"));
+ auth_method_list = str_list_make_v3(
+ talloc_tos(),
+ "guest sam winbind:trustdomain",
+ NULL);
+ break;
+ case ROLE_STANDALONE:
+ DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n"));
+ if (lp_encrypted_passwords()) {
+ auth_method_list = str_list_make_v3(
talloc_tos(), "guest sam",
NULL);
- }
} else {
- DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
+ DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n"));
auth_method_list = str_list_make_v3(
talloc_tos(), "guest unix", NULL);
}
break;
+ case ROLE_ACTIVE_DIRECTORY_DC:
+ DEBUG(5,("Making default auth method list for server role = 'active directory domain controller'\n"));
+ auth_method_list = str_list_make_v3(
+ talloc_tos(),
+ "samba4",
+ NULL);
+ break;
default:
DEBUG(5,("Unknown auth method!\n"));
return NT_STATUS_UNSUCCESSFUL;