summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2013-05-16 10:32:50 +1000
committerStefan Metzmacher <metze@samba.org>2013-05-16 22:51:26 +0200
commit2ed6b0818a68ac07bd9c4270522aa8e2098ec140 (patch)
treef378ca904afaa37f610033500857c424457a54fe
parent9b24f6523e8c78879ada3e6d2927ebbb21dabfdc (diff)
downloadsamba-2ed6b0818a68ac07bd9c4270522aa8e2098ec140.tar.gz
samba-2ed6b0818a68ac07bd9c4270522aa8e2098ec140.tar.bz2
samba-2ed6b0818a68ac07bd9c4270522aa8e2098ec140.zip
auth: Ensure auth_sam is not used on the AD DC
Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu May 16 22:51:26 CEST 2013 on sn-devel-104
-rw-r--r--source3/auth/auth_sam.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 7faa8de027..a34f9a5852 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -108,6 +108,13 @@ static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *par
{
struct auth_methods *result;
+ if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
+ && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
+ DEBUG(0, ("server role = 'active directory domain controller' not compatible with running the auth_sam module. \n"));
+ DEBUGADD(0, ("You should not set 'auth methods' when running the AD DC.\n"));
+ exit(1);
+ }
+
result = talloc_zero(auth_context, struct auth_methods);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;