From bd51d30809180b64c5c6fc98c2bd79040b93051c Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 13 Sep 2010 11:38:12 +1000
Subject: s4-auth: when we are a DC enable winbind auth

As a RODC we need to forward some auth requests to a writable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 source4/param/loadparm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'source4')

diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index bbc8323198..95d275535c 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -2352,7 +2352,9 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo browser");
 	lpcfg_do_global_parameter(lp_ctx, "server services", "smb rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate");
 	lpcfg_do_global_parameter(lp_ctx, "ntptr providor", "simple_ldb");
-	lpcfg_do_global_parameter(lp_ctx, "auth methods:domain controller", "anonymous sam_ignoredomain");
+	/* the winbind method for domain controllers is for both RODC
+	   auth forwarding and for trusted domains */
+	lpcfg_do_global_parameter(lp_ctx, "auth methods:domain controller", "anonymous sam_ignoredomain winbind");
 	lpcfg_do_global_parameter(lp_ctx, "auth methods:member server", "anonymous sam winbind");
 	lpcfg_do_global_parameter(lp_ctx, "auth methods:standalone", "anonymous sam_ignoredomain");
 	lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
-- 
cgit