lib/param: make security=domain and security=ads conflict with being a DC

This simplifies our supported configurations down to those that we test and expect
to work.  security=domain and domain logons = yes has never made much sense, and
security=ads and domain logons = yes was only ever used in early experiments for
our AD support using smbd.

The correct way to be an AD DC is to set "server role = active directory domain controller"

Andrew Bartlett

diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 46515dadbdfb82657f3b420f1ffe115c12740e3f..c08834396b0dee093d8ece7c786b5a4741235b66 100644 (file)
--- a/lib/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -75,18 +75,7 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do
 
        switch (security) {
                case SEC_DOMAIN:
-                       if (domain_logons) {
-                               DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
-                               role = ROLE_DOMAIN_BDC;
-                               break;
-                       }
-                       role = ROLE_DOMAIN_MEMBER;
-                       break;
                case SEC_ADS:
-                       if (domain_logons) {
-                               role = ROLE_DOMAIN_BDC;
-                               break;
-                       }
                        role = ROLE_DOMAIN_MEMBER;
                        break;
                case SEC_AUTO:
@@ -145,22 +134,17 @@ bool lp_is_security_and_server_role_valid(int server_role, int security)
        case ROLE_AUTO:
                valid = true;
                break;
-       case ROLE_STANDALONE:
-               if (security == SEC_USER) {
-                       valid = true;
-               }
-               break;
-
        case ROLE_DOMAIN_MEMBER:
                if (security == SEC_ADS || security == SEC_DOMAIN) {
                        valid = true;
                }
                break;
 
+       case ROLE_STANDALONE:
        case ROLE_DOMAIN_PDC:
        case ROLE_DOMAIN_BDC:
        case ROLE_ACTIVE_DIRECTORY_DC:
-               if (security == SEC_USER || security == SEC_ADS || security == SEC_DOMAIN) {
+               if (security == SEC_USER) {
                        valid = true;
                }
                break;