summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-06-11 10:40:32 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-06-15 09:18:33 +0200
commit11db5b1f3321b3d5b73bb16f4030111c9a35fbbe (patch)
tree7328bb41e193a53cdb4cd4ac84e6da8b0b4f79ec
parentb8815dc23d36468cce9b615335ed62f119eb8f35 (diff)
downloadsamba-11db5b1f3321b3d5b73bb16f4030111c9a35fbbe.tar.gz
samba-11db5b1f3321b3d5b73bb16f4030111c9a35fbbe.tar.bz2
samba-11db5b1f3321b3d5b73bb16f4030111c9a35fbbe.zip
lib/param: make security=domain and security=ads conflict with being a DC
This simplifies our supported configurations down to those that we test and expect to work. security=domain and domain logons = yes has never made much sense, and security=ads and domain logons = yes was only ever used in early experiments for our AD support using smbd. The correct way to be an AD DC is to set "server role = active directory domain controller" Andrew Bartlett
-rw-r--r--lib/param/loadparm_server_role.c20
1 files changed, 2 insertions, 18 deletions
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 46515dadbd..c08834396b 100644
--- a/lib/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -75,18 +75,7 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do
switch (security) {
case SEC_DOMAIN:
- if (domain_logons) {
- DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
- role = ROLE_DOMAIN_BDC;
- break;
- }
- role = ROLE_DOMAIN_MEMBER;
- break;
case SEC_ADS:
- if (domain_logons) {
- role = ROLE_DOMAIN_BDC;
- break;
- }
role = ROLE_DOMAIN_MEMBER;
break;
case SEC_AUTO:
@@ -145,22 +134,17 @@ bool lp_is_security_and_server_role_valid(int server_role, int security)
case ROLE_AUTO:
valid = true;
break;
- case ROLE_STANDALONE:
- if (security == SEC_USER) {
- valid = true;
- }
- break;
-
case ROLE_DOMAIN_MEMBER:
if (security == SEC_ADS || security == SEC_DOMAIN) {
valid = true;
}
break;
+ case ROLE_STANDALONE:
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
case ROLE_ACTIVE_DIRECTORY_DC:
- if (security == SEC_USER || security == SEC_ADS || security == SEC_DOMAIN) {
+ if (security == SEC_USER) {
valid = true;
}
break;