Commit e23e8d9f authored by Andrew Bartlett's avatar Andrew Bartlett

s3-rpc_server: Disable the NETLOGON server by default

The NETLOGON server is only needed when the classic/NT4 DC is enabled
and has been the source of security issues in the past.  Therefore
reduce the attack surface.
Signed-off-by: default avatarAndrew Bartlett <>
Reviewed-by: default avatarGarming Sam <>
parent e13b21d9
......@@ -336,3 +336,7 @@
# We currently don't send referrals for LDAP modify of non-replicated attrs
# NETLOGON is disabled in any non-DC environments
......@@ -47,6 +47,7 @@ enum rpc_service_mode_e rpc_service_mode(const char *name)
const char *rpcsrv_type;
enum rpc_service_mode_e state;
const char *def;
enum server_role server_role = lp_server_role();
int i;
/* Handle pipes with multiple names */
......@@ -71,6 +72,21 @@ enum rpc_service_mode_e rpc_service_mode(const char *name)
* Only enable the netlogon server by default if we are a
* classic/NT4 domain controller
if (strcasecmp_m(name, "netlogon") == 0) {
switch (server_role) {
def = "disabled";
rpcsrv_type = lp_parm_const_string(GLOBAL_SECTION_SNUM,
"rpc_server", pipe_name, def);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment