From fe754cc7ac9587da8fe6c103052e290361b03eee Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 5 Sep 2011 11:08:20 +1000
Subject: s4-dsdb Print clearer error messages when invalid account flags are
 specified on add

---
 source4/dsdb/common/util_samr.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/source4/dsdb/common/util_samr.c b/source4/dsdb/common/util_samr.c
index b9663ef0ac..184dfd5f46 100644
--- a/source4/dsdb/common/util_samr.c
+++ b/source4/dsdb/common/util_samr.c
@@ -127,7 +127,16 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
 		cn_name[cn_name_len - 1] = '\0';
 		container = "OU=Domain Controllers";
 		obj_class = "computer";
+	} else if (acct_flags == ACB_DOMTRUST) {
+		DEBUG(3, ("Invalid account flags specified:  cannot create domain trusts via this interface (must use LSA CreateTrustedDomain calls\n"));
+		ldb_transaction_cancel(ldb);
+		talloc_free(tmp_ctx);
+		return NT_STATUS_INVALID_PARAMETER;
 	} else {
+		DEBUG(3, ("Invalid account flags specified 0x%08X, must be exactly one of \n"
+			  "ACB_NORMAL (0x%08X) ACB_WSTRUST (0x%08X) or ACB_SVRTRUST (0x%08X)\n",
+			  acct_flags,
+			  ACB_NORMAL, ACB_WSTRUST, ACB_SVRTRUST));
 		ldb_transaction_cancel(ldb);
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INVALID_PARAMETER;
-- 
cgit