auth4: use "anonymous sam winbind_rodc sam_failtrusts sam_ignoredomain" as AD_DC
authorStefan Metzmacher <metze@samba.org>
Fri, 17 Mar 2017 13:54:16 +0000 (14:54 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Sun, 9 Apr 2017 23:11:20 +0000 (01:11 +0200)
commit2a57b285ce0a7417b14ab028b2f711d1048eb27c
tree87a5d6992a9ff366fe9e05e421f614ab37727979
parentbb6583fdf200677bd7ef17dfa9e57b6f5c14fb45
auth4: use "anonymous sam winbind_rodc sam_failtrusts sam_ignoredomain" as AD_DC

It's better to consistently fail authentications for users
of trusted domains (on a RWDC) with NT_STATUS_NO_TRUST_LSA_SECRET,
instead of silently mapping them to local users, by accident.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/auth/ntlm/auth.c