From: Stefan Metzmacher Date: Mon, 19 Jun 2017 08:48:49 +0000 (+0200) Subject: docs-xml: remove unused "map untrusted to domain" option X-Git-Tag: talloc-2.1.11~225 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=443984b8292e08f64c9af7794883d6434f8cf5db;p=thirdparty%2Fsamba.git docs-xml: remove unused "map untrusted to domain" option Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml deleted file mode 100644 index f782a512204..00000000000 --- a/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - - By default, and with auto - smbd will defer the decision whether the domain name provided by the - client is a valid domain name to the Domain Controller (DC) of - the domain it is a member of, if it is not a DC. If the DC indicates - that the domain portion is unknown, then a local authentication is performed. - Standalone servers always ignore the domain. This is basically the same as - the behavior implemented in Windows. - - - - With no, - if a client connects to smbd using an untrusted domain name, such as - BOGUS\user, smbd replaces the BOGUS domain with it's SAM name - (forcing local authentication) before - attempting to authenticate that user. In the case where smbd is acting as - a NT4 PDC/BDC this will be DOMAIN\user. In the case where smbd is acting as a - domain member server or a standalone server this will be WORKSTATION\user. - While this appears similar to the behaviour of - auto, - the difference is that smbd will use a cached (maybe incomplete) list - of trusted domains in order to classify a domain as "untrusted" - before contacting any DC first. - - - - With yes, - smbd provides the legacy behavior matching that of versions of Samba pre 3.4: - the BOGUS domain name would always be replaced by the - primary domain before attempting to authenticate that user. - This will be DOMAIN\user in all server roles except active directory domain controller. - - - - no, - was the default up to Samba 4.6. - - - - auto was added - and become the default with Samba 4.7.0. As the option is marked as - deprecated it will be removed in a future release, while the behavior of - auto will be kept. - - - -auto - diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 508fa5a692d..ddb45073b1b 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2840,8 +2840,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, "guest account", GUEST_ACCOUNT); - lpcfg_do_global_parameter(lp_ctx, "map untrusted to domain", "auto"); - lpcfg_do_global_parameter(lp_ctx, "client schannel", "auto"); lpcfg_do_global_parameter(lp_ctx, "smb encrypt", "default"); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index a34b3dbd1ad..5853c8f70c0 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -867,7 +867,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) Globals.min_receivefile_size = 0; - Globals.map_untrusted_to_domain = Auto; Globals.multicast_dns_register = true; Globals.smb2_max_read = DEFAULT_SMB2_MAX_READ;