[SAMBA4] Review of get-dc-info-01.diff

Stefan (metze) Metzmacher metze at samba.org
Wed Dec 27 12:21:30 GMT 2006


Andrew Bartlett wrote:
> On Wed, 2006-12-27 at 11:18 +1100, Andrew Bartlett wrote:
>> Metze,
>>
>> I've been looking at your patch
>> http://samba.org/~metze/get-dc-info-01.diff and I don't think it's
>> correct.  In particular, it appears that the masteredBy element is not
>> updated by Samba's current join process, but that Samba 'domain
>> controllers' appear in the output of DsGetDomainControllerInfo.
>>
>> I'm improving the torture test at the moment, which as usual shows that
>> things are much more complex than they appear at first...
> 
> My test now shows that the masteredBy element doesn't control this
> output.  Presumably this is because we can have domain controllers that
> are not masters (read only DC).
> 
> Also, the info level -1 is an entirely different beast, some kind of last
> logon record, I think.  The first field is an IP address.

Yes, I looked at it closer and found out the same things...

I think the level -1 is a bit like the -4 level of
DsReplicaGetInfo().

I think the correct way to implement the levels 1,2 of
DsGetDomainControllerInfo() is doing this:

look up the domain with samdb_domain_to_dn(),

and then do a search with the domain dn of basedn
and the following filter:

(&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=0x00002000))

And then construct the rest of the needed info by following the
serverReferenceBL of the computer account to get the server object
if it exists. Then we can look up the ntDSDSA object and the site object
and fill in all available info.

metze
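
The lookup outlined in the message above, as an added Python example over constructed in-memory directory entries; it is not code from this thread or from Samba. The DNs, the `find_domain_controllers` helper, and the layout it relies on (the ntDSDSA object being the `CN=NTDS Settings` child of the server object, with the site two levels above the server) are assumptions of the example.

```python
# Constructed sample data; all DNs and names are illustrative, not from the thread.
SERVER_TRUST_ACCOUNT = 0x00002000  # userAccountControl bit tested by the filter

CONFIG = "CN=Configuration,DC=example,DC=test"
ENTRIES = {
    "CN=DC1,OU=Domain Controllers,DC=example,DC=test": {
        "objectClass": ["computer"], "userAccountControl": 0x82000,
        "serverReferenceBL": f"CN=DC1,CN=Servers,CN=SiteA,CN=Sites,{CONFIG}"},
    "CN=DC2,OU=Domain Controllers,DC=example,DC=test": {
        "objectClass": ["computer"], "userAccountControl": 0x2000},  # no server object
    "CN=WKS1,CN=Computers,DC=example,DC=test": {
        "objectClass": ["computer"], "userAccountControl": 0x1000},  # not a DC
    f"CN=DC1,CN=Servers,CN=SiteA,CN=Sites,{CONFIG}": {"objectClass": ["server"]},
    f"CN=NTDS Settings,CN=DC1,CN=Servers,CN=SiteA,CN=Sites,{CONFIG}": {
        "objectClass": ["nTDSDSA"]},
}

def bit_and_match(value, mask):
    """Semantics of matching rule 1.2.840.113556.1.4.803: all mask bits set."""
    return value & mask == mask

def parent_dn(dn, levels=1):
    # Naive split: fine for the constructed DNs, which contain no escaped commas.
    return ",".join(dn.split(",")[levels:])

def find_domain_controllers(entries, domain_dn):
    """Apply the filter under domain_dn, then follow serverReferenceBL."""
    results = []
    for dn, attrs in entries.items():
        if not dn.lower().endswith("," + domain_dn.lower()):
            continue
        if "computer" not in attrs["objectClass"]:
            continue
        if not bit_and_match(attrs.get("userAccountControl", 0), SERVER_TRUST_ACCOUNT):
            continue
        info = {"computer": dn, "server": None, "ntds": None, "site": None}
        server_dn = attrs.get("serverReferenceBL")
        if server_dn in entries:  # the server object may not exist
            info["server"] = server_dn
            info["site"] = parent_dn(server_dn, 2)  # skip CN=<server>,CN=Servers
            ntds_dn = "CN=NTDS Settings," + server_dn
            if ntds_dn in entries:
                info["ntds"] = ntds_dn
        results.append(info)
    return results

if __name__ == "__main__":
    for dc in find_domain_controllers(ENTRIES, "DC=example,DC=test"):
        print(dc)
```
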