From 3deffe8df784e3f47df0ba05868d399eaac21f1d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 28 Apr 2021 12:09:21 +0200
Subject: [PATCH 1/2] s3:utils: Tell users that workgroup/realm is required for
 ADS mode

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14695

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 328682860940679553831b6ff23acff4ce80a22f)
---
 source3/utils/testparm.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 2d717f19756..83ea71e0791 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -215,6 +215,8 @@ static int do_global_checks(void)
 	const struct loadparm_substitution *lp_sub =
 		loadparm_s3_global_substitution();
 
+	fprintf(stderr, "\n");
+
 	if (lp_security() >= SEC_DOMAIN && !lp_encrypt_passwords()) {
 		fprintf(stderr, "ERROR: in 'security=domain' mode the "
 				"'encrypt passwords' parameter must always be "
@@ -222,6 +224,26 @@ static int do_global_checks(void)
 		ret = 1;
 	}
 
+	if (lp_security() == SEC_ADS) {
+		const char *workgroup = lp_workgroup();
+		const char *realm = lp_realm();
+
+		if (workgroup == NULL || strlen(workgroup) == 0) {
+			fprintf(stderr,
+				"ERROR: The 'security=ADS' mode requires "
+				"'workgroup' parameter to be set!\n\n ");
+			ret = 1;
+		}
+
+		if (realm == NULL || strlen(realm) == 0) {
+			fprintf(stderr,
+				"ERROR: The 'security=ADS' mode requires "
+				"'realm' parameter to be set!\n\n ");
+			ret = 1;
+		}
+	}
+
+
 	if (lp_we_are_a_wins_server() && lp_wins_server_list()) {
 		fprintf(stderr, "ERROR: both 'wins support = true' and "
 				"'wins server = <server list>' cannot be set in "
-- 
2.31.1


From 1b4d5864c97d79a590d0fcecaaaf8814627bca45 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 28 Apr 2021 12:25:42 +0200
Subject: [PATCH 2/2] s3:winbind: For 'security = ADS' require realm/workgroup
 to be set

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14695

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 757c49f6dc52afd6ee39c0b282e9a787b6df7a12)
---
 source3/winbindd/winbindd.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 3049faa3237..18cc539f250 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1791,6 +1791,23 @@ int main(int argc, const char **argv)
 		exit(1);
 	}
 
+	if (lp_security() == SEC_ADS) {
+		const char *realm = lp_realm();
+		const char *workgroup = lp_workgroup();
+
+		if (workgroup == NULL || strlen(workgroup) == 0) {
+			DBG_ERR("For 'secuirity = ADS' mode, the 'workgroup' "
+				"parameter is required to be set!\n");
+			exit(1);
+		}
+
+		if (realm == NULL || strlen(realm) == 0) {
+			DBG_ERR("For 'secuirity = ADS' mode, the 'realm' "
+				"parameter is required to be set!\n");
+			exit(1);
+		}
+	}
+
 	if (!cluster_probe_ok()) {
 		exit(1);
 	}
-- 
2.31.1