s4:auth/ntlmssp: add support for using "winbind" as DC

[sfrench/samba-autobuild/.git] / source4 / auth / ntlm / auth.c

diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 3424e503b3e0457b188e16e94f4b1dfce7ffbd66..56c1bcfd3d48ee79b9a23878092af3c2b04ea3c6 100644 (file)
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -768,25 +768,10 @@ const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *
                auth_methods = str_list_make(mem_ctx, "anonymous sam_ignoredomain", NULL);
                break;
        case ROLE_DOMAIN_MEMBER:
-               auth_methods = str_list_make(mem_ctx, "anonymous sam winbind sam_ignoredomain", NULL);
-               break;
        case ROLE_DOMAIN_BDC:
        case ROLE_DOMAIN_PDC:
        case ROLE_ACTIVE_DIRECTORY_DC:
-               /*
-                * TODO: we should replace "winbind_rodc sam_failtrusts" with "winbind"
-                * if everything (gensec/auth4) is fully async without nested
-                * event loops!
-                *
-                * But for now we'll fail authentications for trusted
-                * domain consistently with NT_STATUS_NO_TRUST_LSA_SECRET,
-                * instead of silently mapping to local users.
-                */
-               auth_methods = str_list_make(mem_ctx,
-                                            "anonymous sam "
-                                            "winbind_rodc sam_failtrusts "
-                                            "sam_ignoredomain",
-                                            NULL);
+               auth_methods = str_list_make(mem_ctx, "anonymous sam winbind sam_ignoredomain", NULL);
                break;
        }
        return discard_const_p(const char *, auth_methods);