auth: Ensure auth_sam is not used on the AD DC

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 16 22:51:26 CEST 2013 on sn-devel-104

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 7faa8de02752ece6bc82113a97a9d2e7a83615c1..a34f9a585217e0288b199ab320b152d7589a37fd 100644 (file)
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -108,6 +108,13 @@ static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *par
 {
        struct auth_methods *result;
 
+       if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
+           && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
+               DEBUG(0, ("server role = 'active directory domain controller' not compatible with running the auth_sam module. \n"));
+               DEBUGADD(0, ("You should not set 'auth methods' when running the AD DC.\n"));
+               exit(1);
+       }
+
        result = talloc_zero(auth_context, struct auth_methods);
        if (result == NULL) {
                return NT_STATUS_NO_MEMORY;