lib/param: make security=domain and security=ads conflict with being a DC

This simplifies our supported configurations down to those that we test and expect
to work.  security=domain and domain logons = yes has never made much sense, and
security=ads and domain logons = yes was only ever used in early experiments for
our AD support using smbd.

The correct way to be an AD DC is to set "server role = active directory domain controller"

Andrew Bartlett

1 files changed, 2 insertions, 18 deletions

diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 46515dadbd..c08834396b 100644
--- a/lib/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -75,18 +75,7 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do
 
 	switch (security) {
 		case SEC_DOMAIN:
-			if (domain_logons) {
-				DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
-				role = ROLE_DOMAIN_BDC;
-				break;
-			}
-			role = ROLE_DOMAIN_MEMBER;
-			break;
 		case SEC_ADS:
-			if (domain_logons) {
-				role = ROLE_DOMAIN_BDC;
-				break;
-			}
 			role = ROLE_DOMAIN_MEMBER;
 			break;
 		case SEC_AUTO:
@@ -145,22 +134,17 @@ bool lp_is_security_and_server_role_valid(int server_role, int security)
 	case ROLE_AUTO:
 		valid = true;
 		break;
-	case ROLE_STANDALONE:
-		if (security == SEC_USER) {
-			valid = true;
-		}
-		break;
-
 	case ROLE_DOMAIN_MEMBER:
 		if (security == SEC_ADS || security == SEC_DOMAIN) {
 			valid = true;
 		}
 		break;
 
+	case ROLE_STANDALONE:
 	case ROLE_DOMAIN_PDC:
 	case ROLE_DOMAIN_BDC:
 	case ROLE_ACTIVE_DIRECTORY_DC:
-		if (security == SEC_USER || security == SEC_ADS || security == SEC_DOMAIN) {
+		if (security == SEC_USER) {
 			valid = true;
 		}
 		break;