s4:auth: use "sam winbind" for the netlogon server

This adds authentication support for trusted domains to the
netlogon server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 9aa94bf541e6f425d07d5dda58224e48bbd42a46..3424e503b3e0457b188e16e94f4b1dfce7ffbd66 100644 (file)
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -840,14 +840,11 @@ _PUBLIC_ NTSTATUS auth_context_create_for_netlogon(TALLOC_CTX *mem_ctx,
                DBG_NOTICE("using deprecated 'auth methods' values.\n");
        } else {
                /*
-                * We can remove "winbind_rodc sam_failtrusts",
-                * when we made the netlogon retries to
-                * to contact winbind via irpc.
+                * Here we only allow 'sam winbind' instead of
+                * the 'anonymous sam winbind sam_ignoredomain'
+                * we typically use for authentication from clients.
                 */
-               _auth_methods = str_list_make(mem_ctx,
-                               "sam "
-                               "winbind_rodc sam_failtrusts",
-                               NULL);
+               _auth_methods = str_list_make(mem_ctx, "sam winbind", NULL);
                if (_auth_methods == NULL) {
                        return NT_STATUS_NO_MEMORY;
                }