diff options
-rw-r--r-- | file_server/file_server.c | 1 | ||||
-rw-r--r-- | source3/auth/auth.c | 40 |
2 files changed, 23 insertions, 18 deletions
diff --git a/file_server/file_server.c b/file_server/file_server.c index 9f43ebbe75..46969f3920 100644 --- a/file_server/file_server.c +++ b/file_server/file_server.c @@ -49,7 +49,6 @@ static const char *generate_smb_conf(struct task_server *task) } fdprintf(fd, "# auto-generated config for fileserver\n"); - fdprintf(fd, "auth methods = samba4\n"); fdprintf(fd, "passdb backend = samba4\n"); fdprintf(fd, "rpc_server:default = external\n"); fdprintf(fd, "rpc_server:svcctl = embedded\n"); diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 4fc54bed37..671319347f 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -486,35 +486,41 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx, } if (auth_method_list == NULL) { - switch (lp_security()) + switch (lp_server_role()) { - case SEC_DOMAIN: - case SEC_ADS: - DEBUG(5,("Making default auth method list for security=domain and security=ads\n")); + case ROLE_DOMAIN_MEMBER: + DEBUG(5,("Making default auth method list for server role = 'domain member'\n")); auth_method_list = str_list_make_v3( talloc_tos(), "guest sam winbind:ntdomain", NULL); break; - case SEC_USER: - if (lp_encrypted_passwords()) { - if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) { - DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make_v3( - talloc_tos(), - "guest sam winbind:trustdomain", - NULL); - } else { - DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make_v3( + case ROLE_DOMAIN_BDC: + case ROLE_DOMAIN_PDC: + DEBUG(5,("Making default auth method list for DC\n")); + auth_method_list = str_list_make_v3( + talloc_tos(), + "guest sam winbind:trustdomain", + NULL); + break; + case ROLE_STANDALONE: + DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n")); + if (lp_encrypted_passwords()) { + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam", NULL); - } } else { - DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n")); + DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n")); auth_method_list = str_list_make_v3( talloc_tos(), "guest unix", NULL); } break; + case ROLE_ACTIVE_DIRECTORY_DC: + DEBUG(5,("Making default auth method list for server role = 'active directory domain controller'\n")); + auth_method_list = str_list_make_v3( + talloc_tos(), + "samba4", + NULL); + break; default: DEBUG(5,("Unknown auth method!\n")); return NT_STATUS_UNSUCCESSFUL; |