From 2ed6b0818a68ac07bd9c4270522aa8e2098ec140 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 16 May 2013 10:32:50 +1000
Subject: [PATCH] auth: Ensure auth_sam is not used on the AD DC

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 16 22:51:26 CEST 2013 on sn-devel-104
---
 source3/auth/auth_sam.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 7faa8de0275..a34f9a58521 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -108,6 +108,13 @@ static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *par
 {
 	struct auth_methods *result;
 
+	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
+	    && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
+		DEBUG(0, ("server role = 'active directory domain controller' not compatible with running the auth_sam module. \n"));
+		DEBUGADD(0, ("You should not set 'auth methods' when running the AD DC.\n"));
+		exit(1);
+	}
+
 	result = talloc_zero(auth_context, struct auth_methods);
 	if (result == NULL) {
 		return NT_STATUS_NO_MEMORY;
-- 
2.34.1