After 'consultation' with idra, this is how I think the server roles should work...

Andrew Bartlett
(This used to be commit 5c1f1005907bf50b809dfae1f8251c7122103098)

1 files changed, 9 insertions, 4 deletions

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 2a83905a9f..5bffa2c862 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3804,18 +3804,23 @@ static void set_server_role(void)
 
 	switch (lp_security()) {
 		case SEC_SHARE:
-		case SEC_SERVER:
-		case SEC_ADS:
 			if (lp_domain_logons())
 				DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
 			break;
-		case SEC_DOMAIN:
+		case SEC_SERVER:
+			if (lp_domain_logons())
+				DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
+			break;
+		case SEC_ADS:
 			if (lp_domain_logons()) {
-				server_role = ROLE_DOMAIN_BDC;
+				server_role = ROLE_DOMAIN_PDC;
 				break;
 			}
 			server_role = ROLE_DOMAIN_MEMBER;
 			break;
+		case SEC_DOMAIN:
+			if (lp_domain_logons())
+				DEBUG(0, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
 		case SEC_USER:
 			if (lp_domain_logons()) {