[SAMBA4] Should 'PDC status' be an smb.conf, or ldb parameter?

Stefan (metze) Metzmacher metze at samba.org
Tue Dec 12 23:41:29 GMT 2006


Andrew Bartlett wrote:
> I've recently been doing work to improve our 'CrackNames' code, and I
> have opened a can of worms:
> To pass our RPC-CRACKNAMES test, we need to implement
> DsGetDomainControllerInfo.  This lists details about domain controllers,
> from the information in the directory.  In particular, it lists which is
> the PDC emulator.
> 
> This sent me off in search of how this is recorded in the directory, and
> I found it is controlled/recorded by the value of the fSMORoleOwner
> attribute in the base DN for the domain.  This script: 
> http://techtasks.com/code/viewbookcode/64 shows how it works nicely.  
> 
> I now have code in our SAMR server to identify the PDC correctly from
> this entry (we would previously always return ourselves as the PDC.
> Clearly nobody cares, as Samba 3.0 does likewise).  (As a side note,
> there seems to also be code in the NBT server that needs a similar
> adjustment).
> 
> The can of worms comes from then determining what server role we are in,
> for the other dependent services.  For example, our NBT server should
> not take the <1b> unless it is the PDC.  Should this continue to be an
> smb.conf setting, or should we read the directory?  If we read the
> directory, how often and from where should we handle this?  Likewise,
> there are announce flags and other similar places where the PDC/BDC
> distinction still remains.
> 
> I've in the past argued for keeping the text-based smb.conf, but for
> this setting, it seems that the directory is more appropriate. 
> 
> Thoughts?

that's fine, I'd like to read a lot more out of the directory,
as that's what we need to do when we want to support replication!

we should also try to have a way to support the BDC in a NT4 domain.

so that we can do migrations by becoming an NT4 BDC, then promote us as an
NT4 PDC in the domain and then upgrade the domain to active directory
in mixed mode still serving the old NT4 BDCs.

>  
> -	basedn_s = ldb_msg_find_attr_as_string(res->msgs[0], "rootDomainNamingContext", NULL);
> -	if (basedn_s == NULL) {
> +	basedn = ldb_msg_find_attr_as_dn(ldb, tmp_ctx, res->msgs[0], "rootDomainNamingContext");
> +	if (basedn == NULL) {
>  		goto failed;
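
Review bot: on the added `if (basedn == NULL)` check, a NULL result from ldb_msg_find_attr_as_dn now means either that the attribute is absent or that its value could not be turned into a DN, and both cases take the same `goto failed`; a debug message naming the attribute before the jump would make the two distinguishable. The DN is also allocated on tmp_ctx, so if basedn is kept past this function it has to be moved to a longer-lived context before tmp_ctx is freed, which the visible lines do not show.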

I think "rootDomainNamingContext" is wrong here, as that means the
forest root domain, and "defaultNamingContext" is the domain partition
of the local dc.

(this appears in some other places in the patch too)

Also it would be nice to have some more torture tests, to make sure
the correct values are returned and used internally.

metze
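
The role lookup discussed in this thread, as an added example (not Samba code and not part of the original message): it decides PDC or BDC by comparing fSMORoleOwner on the domain base DN with the DC's own NTDS Settings DN, and shows how starting from rootDomainNamingContext misreports a child-domain PDC. The domain and server names are constructed, and using the rootDSE attribute dsServiceName to identify the local DC, as well as the "unknown" result, are assumptions of this example.

```python
# Added illustration with constructed data; not Samba code.
ROOT_NC = "DC=example,DC=test"              # forest root domain (constructed)
CHILD_NC = "DC=child,DC=example,DC=test"    # child domain (constructed)
SERVERS = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + ROOT_NC


def ntds_dn(server):
    """DN of a DC's NTDS Settings object, the form fSMORoleOwner values take."""
    return "CN=NTDS Settings,CN=%s,%s" % (server, SERVERS)


def norm_dn(dn):
    """Simplified DN comparison key: case-insensitive, escaped commas not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))


# Each domain's base DN records its PDC emulator in fSMORoleOwner.
DIRECTORY = {
    norm_dn(ROOT_NC): {"fSMORoleOwner": ntds_dn("ROOTDC1")},
    norm_dn(CHILD_NC): {"fSMORoleOwner": ntds_dn("CHILDDC1")},
}


def rootdse(server, domain_nc):
    """Constructed rootDSE of one DC; dsServiceName names its own NTDS Settings."""
    return {
        "defaultNamingContext": domain_nc,
        "rootDomainNamingContext": ROOT_NC,
        "dsServiceName": ntds_dn(server),
    }


def server_role(dse, directory, nc_attr="defaultNamingContext"):
    """Return 'PDC', 'BDC' or 'unknown' for the DC described by dse."""
    base = dse.get(nc_attr)
    if base is None:
        raise LookupError("rootDSE has no %s" % nc_attr)
    entry = directory.get(norm_dn(base))
    if entry is None:
        raise LookupError("no entry for %s" % base)
    owner = entry.get("fSMORoleOwner")
    if owner is None:
        return "unknown"   # role owner not recorded: do not assume we are the PDC
    return "PDC" if norm_dn(owner) == norm_dn(dse["dsServiceName"]) else "BDC"
```

With `nc_attr="rootDomainNamingContext"` the child domain's PDC is reported as a BDC, because the forest root's fSMORoleOwner names a different server.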
