s4-auth: Disable LM authenticaton in the AD DC despite "lanman auth = yes"

LM authentication is very weak and a very bad idea, so has been deprecated since
Samba 4.11.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index cf0656ae0da15dc2417b8de76481cf2d985dcfc1..0625c4f1268e0dac425627223f00e1f27ee0ea2a 100644 (file)
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -90,8 +90,8 @@ static NTSTATUS authsam_password_ok(struct auth4_context *auth_context,
                
        case AUTH_PASSWORD_RESPONSE:
                status = ntlm_password_check(mem_ctx, 
-                                            lpcfg_lanman_auth(auth_context->lp_ctx),
-                                                lpcfg_ntlm_auth(auth_context->lp_ctx),
+                                            false,
+                                            lpcfg_ntlm_auth(auth_context->lp_ctx),
                                             user_info->logon_parameters, 
                                             &auth_context->challenge.data, 
                                             &user_info->password.response.lanman,