lib/param: Consolidate code to enable smb signing on the server, always enable on AD DC

This uses the code from the source4/ SMB server (the NTVFS smb server)
in common, to force SMB Signing to be on when we are an AD DC.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 22 13:13:05 CET 2013 on sn-devel-104

1 files changed, 7 insertions, 2 deletions

diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml
index 0aced5d3c1..c94a3ee6ba 100644
--- a/docs-xml/smbdotconf/security/serversigning.xml
+++ b/docs-xml/smbdotconf/security/serversigning.xml
@@ -6,10 +6,15 @@
 <description>
 
     <para>This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values
-    are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
+    are <emphasis>default</emphasis>, <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
     and <emphasis>disabled</emphasis>.
     </para>
 
+    <para>By default, and when smb signing is set to
+    <emphasis>default</emphasis>, smb signing enabled when
+    <smbconfoption name="server role"/> is <emphasis>active directory
+    domain controller</emphasis> and disabled otherwise.</para>
+
     <para>When set to auto, SMB1 signing is offered, but not enforced.
     When set to mandatory, SMB1 signing is required and if set
     to disabled, SMB signing is not offered either.</para>
@@ -20,5 +25,5 @@
     will still require SMB2 clients to use signing.</para>
 </description>
 
-<value type="default">Disabled</value>
+<value type="default">default</value>
 </samba:parameter>