s3-auth: rework default auth methods around the lp_server_role() parameter
authorAndrew Bartlett <abartlet@samba.org>
Mon, 11 Jun 2012 00:51:47 +0000 (10:51 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 15 Jun 2012 07:18:33 +0000 (09:18 +0200)
To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER
is mapped to the samba4 auth module, and this is no longer required to
be specified in fileserver.conf.

Andrew Bartlett

file_server/file_server.c
source3/auth/auth.c

index 9f43ebbe75810b2b41ae16570164c6c2af9c3e1f..46969f3920ce3c3a761884289ba0efd2d15039ad 100644 (file)
@@ -49,7 +49,6 @@ static const char *generate_smb_conf(struct task_server *task)
        }
 
        fdprintf(fd, "# auto-generated config for fileserver\n");
-       fdprintf(fd, "auth methods = samba4\n");
        fdprintf(fd, "passdb backend = samba4\n");
         fdprintf(fd, "rpc_server:default = external\n");
        fdprintf(fd, "rpc_server:svcctl = embedded\n");
index 4fc54bed37e194af37158732d7f0bfbe68426992..671319347f19e48191612aeffa6fce7992103b85 100644 (file)
@@ -486,35 +486,41 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
        }
 
        if (auth_method_list == NULL) {
-               switch (lp_security()) 
+               switch (lp_server_role()) 
                {
-               case SEC_DOMAIN:
-               case SEC_ADS:
-                       DEBUG(5,("Making default auth method list for security=domain and security=ads\n"));
+               case ROLE_DOMAIN_MEMBER:
+                       DEBUG(5,("Making default auth method list for server role = 'domain member'\n"));
                        auth_method_list = str_list_make_v3(
                                talloc_tos(), "guest sam winbind:ntdomain",
                                NULL);
                        break;
-               case SEC_USER:
-                       if (lp_encrypted_passwords()) { 
-                               if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
-                                       DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
-                                       auth_method_list = str_list_make_v3(
-                                               talloc_tos(),
-                                               "guest sam winbind:trustdomain",
-                                               NULL);
-                               } else {
-                                       DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
-                                       auth_method_list = str_list_make_v3(
+               case ROLE_DOMAIN_BDC:
+               case ROLE_DOMAIN_PDC:
+                       DEBUG(5,("Making default auth method list for DC\n"));
+                       auth_method_list = str_list_make_v3(
+                               talloc_tos(),
+                               "guest sam winbind:trustdomain",
+                               NULL);
+                       break;
+               case ROLE_STANDALONE:
+                       DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n"));
+                       if (lp_encrypted_passwords()) {
+                               auth_method_list = str_list_make_v3(
                                                talloc_tos(), "guest sam",
                                                NULL);
-                               }
                        } else {
-                               DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
+                               DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n"));
                                auth_method_list = str_list_make_v3(
                                        talloc_tos(), "guest unix", NULL);
                        }
                        break;
+               case ROLE_ACTIVE_DIRECTORY_DC:
+                       DEBUG(5,("Making default auth method list for server role = 'active directory domain controller'\n"));
+                       auth_method_list = str_list_make_v3(
+                               talloc_tos(),
+                               "samba4",
+                               NULL);
+                       break;
                default:
                        DEBUG(5,("Unknown auth method!\n"));
                        return NT_STATUS_UNSUCCESSFUL;
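Review bot: In the `ROLE_STANDALONE` case the `DEBUG(5,...)` line announcing "encrypt passwords = yes" sits above the `lp_encrypted_passwords()` test, so a standalone server with encrypted passwords disabled logs the "yes" message and then the "no" message while actually selecting `"guest unix"`. An administrator reads this log to confirm which auth backends were chosen, so that `DEBUG` call should move to the first line inside `if (lp_encrypted_passwords()) {`. The `default:` branch still fails closed with `NT_STATUS_UNSUCCESSFUL`, but its text "Unknown auth method!" now describes an unhandled server role; `DEBUG(5,("Unknown server role for default auth methods!\n"));` would match what the switch tests. The `ROLE_DOMAIN_BDC`/`ROLE_DOMAIN_PDC` cases also no longer consult `lp_encrypted_passwords()`, whereas the removed code chose `"guest unix"` for any `SEC_USER` setup with it off; this looks intentional but deserves a one-line comment above the case. The body of `make_auth_context_subsystem` starts and ends outside this hunk, so how `auth_method_list` is used afterwards is not visible here.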