diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-06-11 10:40:32 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-06-15 09:18:33 +0200 |
commit | 11db5b1f3321b3d5b73bb16f4030111c9a35fbbe (patch) | |
tree | 7328bb41e193a53cdb4cd4ac84e6da8b0b4f79ec | |
parent | b8815dc23d36468cce9b615335ed62f119eb8f35 (diff) | |
download | samba-11db5b1f3321b3d5b73bb16f4030111c9a35fbbe.tar.gz samba-11db5b1f3321b3d5b73bb16f4030111c9a35fbbe.tar.bz2 samba-11db5b1f3321b3d5b73bb16f4030111c9a35fbbe.zip |
lib/param: make security=domain and security=ads conflict with being a DC
This simplifies our supported configurations down to those that we test and expect
to work. security=domain and domain logons = yes has never made much sense, and
security=ads and domain logons = yes was only ever used in early experiments for
our AD support using smbd.
The correct way to be an AD DC is to set "server role = active directory domain controller"
Andrew Bartlett
-rw-r--r-- | lib/param/loadparm_server_role.c | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 46515dadbd..c08834396b 100644 --- a/lib/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -75,18 +75,7 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do switch (security) { case SEC_DOMAIN: - if (domain_logons) { - DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n")); - role = ROLE_DOMAIN_BDC; - break; - } - role = ROLE_DOMAIN_MEMBER; - break; case SEC_ADS: - if (domain_logons) { - role = ROLE_DOMAIN_BDC; - break; - } role = ROLE_DOMAIN_MEMBER; break; case SEC_AUTO: @@ -145,22 +134,17 @@ bool lp_is_security_and_server_role_valid(int server_role, int security) case ROLE_AUTO: valid = true; break; - case ROLE_STANDALONE: - if (security == SEC_USER) { - valid = true; - } - break; - case ROLE_DOMAIN_MEMBER: if (security == SEC_ADS || security == SEC_DOMAIN) { valid = true; } break; + case ROLE_STANDALONE: case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: case ROLE_ACTIVE_DIRECTORY_DC: - if (security == SEC_USER || security == SEC_ADS || security == SEC_DOMAIN) { + if (security == SEC_USER) { valid = true; } break; |