auth4: use "anonymous sam winbind sam_ignoredomain" with ROLE_DOMAIN_MEMBER

We hopefully remove this role in future, but for now we should do this
correct and fallback to sam_ignoredomain at the end of the auth chain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index f366fb111aea3099cf54b640254c795dd425444e..078b08b112535f46cc264ea46a6579f48681af8d 100644 (file)
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -645,7 +645,7 @@ const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *
                auth_methods = str_list_make(mem_ctx, "anonymous sam_ignoredomain", NULL);
                break;
        case ROLE_DOMAIN_MEMBER:
-               auth_methods = str_list_make(mem_ctx, "anonymous sam winbind", NULL);
+               auth_methods = str_list_make(mem_ctx, "anonymous sam winbind sam_ignoredomain", NULL);
                break;
        case ROLE_DOMAIN_BDC:
        case ROLE_DOMAIN_PDC: