[Samba] samba4.1 RODC with BIND as DNS backend

Andrew Bartlett abartlet at samba.org
Mon Nov 18 23:02:19 MST 2013


On Mon, 2013-11-18 at 23:59 -0500, Michael Brown wrote:
> On 13-11-18 05:23 PM, Michael Brown wrote:
> > On 13-11-18 04:38 PM, Michael Brown wrote:
> >> I'm guessing that this may have to do with the fact that this is an 
> >> RODC?
> > Looks like I'm probably right.
> >
> > I just dcpromo'ed a Windows RODC into the environment and it didn't 
> > add entries into gc._msdcs.
> Further to that, how do people feel about:
> 
> --- samba_dnsupdate.DIST        2013-11-18 23:12:09.000000000 -0500
> +++ samba_dnsupdate     2013-11-18 23:53:11.000000000 -0500
> @@ -168,7 +168,11 @@
>       """parse a DNS line from."""
>       if line.startswith("SRV _ldap._tcp.pdc._msdcs.") and not 
> samdb.am_pdc():
>           if opts.verbose:
> -            print "Skipping PDC entry (%s) as we are not a PDC" % line
> +            print "Skipping PDC entry (%s) as we are not a PDC" % ' 
> '.join(line.split())
> +        return None
> +    if line.split()[1] == "gc._msdcs.${DNSFOREST}" and samdb.am_rodc():
> +        if opts.verbose:
> +            print "Skipping GC entry (%s) as we are a RODC" % ' 
> '.join(line.split())
>           return None
>       subline = samba.substitute_var(line, sub_vars)
>       return dnsobj(subline)
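Review bot: The added test `line.split()[1] == "gc._msdcs.${DNSFOREST}"` indexes field 1 without checking that the line has at least two fields, so an empty or single-token line reaching this function would raise IndexError instead of being skipped or parsed. Split the line once into a local, check its length, and reuse that list for both comparisons and for the `' '.join(...)` in the verbose messages. The comparison is against the unsubstituted `${DNSFOREST}` literal, which is only correct because it runs before `samba.substitute_var(line, sub_vars)`; a one-line comment saying so would stop a later reorder from silently disabling the RODC skip. As written the match is on the name alone, so every record type for `gc._msdcs.${DNSFOREST}` is dropped on an RODC; if that is the intent, state it in the verbose message or the commit message.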
> @@ -451,9 +455,20 @@
>       sub_vars = {}
>   else:
>       samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), 
> lp=lp)
> +    if opts.verbose:
> +        print "This server is %s" % \
> +            { (False,False): "not a PDC emulator or RODC",
> +              (True, False): "a PDC emulator",
> +              (False,True) : "an RODC",
> +              (True, True) : "a PDC emulator and RODC (impossible?)"}\
> +            [samdb.am_pdc(),samdb.am_rodc()]
> 
>       # get the substitution dictionary
>       sub_vars = get_subst_vars(samdb)
> +    if opts.verbose:
> +        print "Substitution variables:"
> +        for k,v in sub_vars.items():
> + print " %s: %s" % (k,v)
> 
>   # build up a list of update commands to pass to nsupdate
>   update_list = []
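Review bot: The last added line, `+ print " %s: %s" % (k,v)`, has lost its indentation under `for k,v in sub_vars.items():`, so as posted this hunk will not parse as Python; several other lines have also been wrapped by the mailer, and resending through git format-patch would avoid both. The tuple-keyed dict indexed by `[samdb.am_pdc(),samdb.am_rodc()]` is harder to read than two plain conditionals and carries a case the author marks "(impossible?)"; either drop that case or handle it explicitly once it is known whether it can occur. Iterating `sorted(sub_vars.items())` would make the verbose output stable between runs, which helps when comparing logs from a DC and an RODC.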

I like it very much.  I assume you tested it and it fixes the issue?

If so, can you post it as a 'git format-patch -1' formatted patch so I
can review it and get it into master?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



