This simplifies our supported configurations down to those that we test and expect
to work. security=domain and domain logons = yes has never made much sense, and
security=ads and domain logons = yes was only ever used in early experiments for
our AD support using smbd.
The correct way to be an AD DC is to set "server role = active directory domain controller"
Andrew Bartlett
switch (security) {
case SEC_DOMAIN:
- if (domain_logons) {
- DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
- role = ROLE_DOMAIN_BDC;
- break;
- }
- role = ROLE_DOMAIN_MEMBER;
- break;
case SEC_ADS:
- if (domain_logons) {
- role = ROLE_DOMAIN_BDC;
- break;
- }
role = ROLE_DOMAIN_MEMBER;
break;
case SEC_AUTO:
case ROLE_AUTO:
valid = true;
break;
- case ROLE_STANDALONE:
- if (security == SEC_USER) {
- valid = true;
- }
- break;
-
case ROLE_DOMAIN_MEMBER:
if (security == SEC_ADS || security == SEC_DOMAIN) {
valid = true;
}
break;
+ case ROLE_STANDALONE:
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
case ROLE_ACTIVE_DIRECTORY_DC:
- if (security == SEC_USER || security == SEC_ADS || security == SEC_DOMAIN) {
+ if (security == SEC_USER) {
valid = true;
}
break;