param: Add startup checks for valid server role/binary combinations

This should eliminate confusion from our users about what they can
expect to successfully run.

Andrew Bartlett

diff --git a/file_server/file_server.c b/file_server/file_server.c
index 448894ecbdaf5a875f471e1718ffe49b8d2f1cca..b6f73824f6c7763b4d484536981abcfdb6f0bf3d 100644 (file)
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -50,6 +50,7 @@ static const char *generate_smb_conf(struct task_server *task)
 
        fdprintf(fd, "[globals]\n");
        fdprintf(fd, "# auto-generated config for fileserver\n");
 
        fdprintf(fd, "[globals]\n");
        fdprintf(fd, "# auto-generated config for fileserver\n");

+       fdprintf(fd, "server role check:inhibit=yes\n");

        fdprintf(fd, "passdb backend = samba4\n");
         fdprintf(fd, "rpc_server:default = external\n");
        fdprintf(fd, "rpc_server:svcctl = embedded\n");
        fdprintf(fd, "passdb backend = samba4\n");
         fdprintf(fd, "rpc_server:default = external\n");
        fdprintf(fd, "rpc_server:svcctl = embedded\n");

diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 1728bb9c5a15d3ae129b69b96ea52d2f5cd49f07..d4df2020d5c1c5ec459432dca1bc8ca79c9b02e4 100644 (file)
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -888,6 +888,16 @@ static bool open_sockets(bool isdaemon, int port)
                exit(1);
        }
 
                exit(1);
        }
 

+       if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
+           && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
+               /* TODO: when we have a merged set of defaults for
+                * loadparm, we could possibly check if the internal
+                * nbt server is in the list, and allow a startup if disabled */
+               DEBUG(0, ("server role = 'active directory domain controller' not compatible with running nmbd standalone. \n"));
+               DEBUGADD(0, ("You should start 'samba' instead, and it will control starting the internal nbt server\n"));
+               exit(1);
+       }
+

        msg = messaging_init(NULL, server_event_context());
        if (msg == NULL) {
                return 1;
        msg = messaging_init(NULL, server_event_context());
        if (msg == NULL) {
                return 1;

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 6abf8ccaeb3a0611e11f20cf154e2d5cddc372ed..d53b19a57f30f8ac86ea2d318ff165dd950489af 100644 (file)
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1227,6 +1227,13 @@ extern void build_options(bool screen);
                exit(1);
        }
 
                exit(1);
        }
 

+       if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
+           && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
+               DEBUG(0, ("server role = 'active directory domain controller' not compatible with running smbd standalone. \n"));
+               DEBUGADD(0, ("You should start 'samba' instead, and it will control starting smbd if required\n"));
+               exit(1);
+       }
+

        /* ...NOTE... Log files are working from this point! */
 
        DEBUG(3,("loaded services\n"));
        /* ...NOTE... Log files are working from this point! */
 
        DEBUG(3,("loaded services\n"));

diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index c43b5859e22ab44cd8240d91d660203d51325d50..eab62a7028f879aa2db3bf5487607eb489dada5f 100644 (file)
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1406,6 +1406,12 @@ int main(int argc, char **argv, char **envp)
         */
        dump_core_setup("winbindd", lp_logfile(talloc_tos()));
 
         */
        dump_core_setup("winbindd", lp_logfile(talloc_tos()));
 

+       if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+               DEBUG(0, ("server role = 'active directory domain controller' not compatible with running the winbindd binary. \n"));
+               DEBUGADD(0, ("You should start 'samba' instead, and it will control starting the internal AD DC winbindd implementation, which is not the same as this one\n"));
+               exit(1);
+       }
+

        /* Initialise messaging system */
 
        if (winbind_messaging_context() == NULL) {
        /* Initialise messaging system */
 
        if (winbind_messaging_context() == NULL) {

diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index f3405a7c2ac35c0b40778dcf4058a07db059ea60..b3d8ae5f5da0681c822f932d26ace1960dcf98a5 100644 (file)
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -453,6 +453,17 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
                                 discard_const(binary_name));
        }
 
                                 discard_const(binary_name));
        }
 

+       if (lpcfg_server_role(cmdline_lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC
+           && !lpcfg_parm_bool(cmdline_lp_ctx, NULL, "server role check", "inhibit", false)
+           && !str_list_check_ci(lpcfg_server_services(cmdline_lp_ctx), "smb") 
+           && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx), "remote")
+           && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx), "mapiproxy")) {
+               DEBUG(0, ("At this time the 'samba' binary should only be used for either:\n"));
+               DEBUGADD(0, ("'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'\n"));
+               DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks\n"));
+               exit(1);
+       };
+

        prime_ldb_databases(event_ctx);
 
        status = setup_parent_messaging(event_ctx, cmdline_lp_ctx);
        prime_ldb_databases(event_ctx);
 
        status = setup_parent_messaging(event_ctx, cmdline_lp_ctx);