AD DC patches including RODC and DNS fixes

Andrew Bartlett abartlet at samba.org
Mon May 5 20:54:29 MDT 2014


On Tue, 2014-05-06 at 04:36 +0200, Jelmer Vernooij wrote:
> On Tue, May 06, 2014 at 02:04:43PM +1200, Andrew Bartlett wrote:
> > From 9041f7a963c27e489e71f094b411c406bb5b5abc Mon Sep 17 00:00:00 2001
> > From: Michael Brown <michael at netdirect.ca>
> > Date: Thu, 21 Nov 2013 10:56:10 -0500
> > Subject: [PATCH 1/2] samba_dnsupdate changes for better RODC support
> > 
> > * samba_dnsupdate: reformat some verbose messages
> > * samba_dnsupdate: skip top-level GC DNS entries if we're an RODC
> > * samba_dnsupdate: default weight for RODC SRV records should be 100
> >   (which matches what Windows 2008R2 does in the same situation)
> > * samba_dnsupdate: verbose -> indicate whether server is a RODC/PDC
> > * samba_dnsupdate: verbose -> print out substitution vars
> > * dns_update_list: add site-specific _ldap SRV entries for RODC
> >   (which matches what Windows 2008R2 does in the same situation)
> > ---
> >  source4/scripting/bin/samba_dnsupdate | 23 +++++++++++++++++------
> >  source4/setup/dns_update_list         |  2 ++
> >  2 files changed, 19 insertions(+), 6 deletions(-)
> > 
> > diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
> > index 68b0f72..02364be 100755
> > --- a/source4/scripting/bin/samba_dnsupdate
> > +++ b/source4/scripting/bin/samba_dnsupdate
> > @@ -168,7 +168,11 @@ def parse_dns_line(line, sub_vars):
> >      """parse a DNS line from."""
> >      if line.startswith("SRV _ldap._tcp.pdc._msdcs.") and not samdb.am_pdc():
> >          if opts.verbose:
> > -            print "Skipping PDC entry (%s) as we are not a PDC" % line
> > +            print "Skipping PDC entry (%s) as we are not a PDC" % ' '.join(line.split())
> What is this supposed to do exactly? Replace tabs with spaces?
> 
> Can we just do the split once per line, at the beginning of this loop?
> 
> > +        return None
> > +    if line.split()[1] == "gc._msdcs.${DNSFOREST}" and samdb.am_rodc():
> ^^ Urgh. Perhaps just use startswith() rather than using something
> that relies on specific variable names?
> 
> > +        if opts.verbose:
> > +            print "Skipping GC entry (%s) as we are a RODC" % ' '.join(line.split())
> >          return None
> >      subline = samba.substitute_var(line, sub_vars)
> >      return dnsobj(subline)
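Review bot: the new GC check indexes line.split()[1] with no length guard, so any line with fewer than two whitespace-separated fields that reaches parse_dns_line raises IndexError before the substitution step. Splitting once at the top of the function (for example fields = line.split()), returning early when len(fields) < 2, and reusing fields for both verbose messages removes that failure mode and the repeated split() calls. The test also matches on the name alone, so a record of any type named gc._msdcs.${DNSFOREST} is skipped on an RODC; if only particular record types should be suppressed, compare fields[0] as well.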
> > @@ -451,9 +451,20 @@ if opts.nosubs:
> >      sub_vars = {}
> >  else:
> >      samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), lp=lp)
> > +    if opts.verbose:
> > +        print "This server is %s" % \
> > +            { (False,False): "not a PDC emulator or RODC",
> > +              (True, False): "a PDC emulator",
> > +              (False,True) : "an RODC",
> > +              (True, True) : "a PDC emulator and RODC (impossible?)"}\
> > +            [samdb.am_pdc(),samdb.am_rodc()]
> Please add a space after commas.
> 
> >      # get the substitution dictionary
> >      sub_vars = get_subst_vars(samdb)
> > +    if opts.verbose:
> > +        print "Substitution variables:"
> > +        for k,v in sub_vars.items():
> > +            print " %s: %s" % (k,v)
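Review bot: the verbose dump iterates sub_vars.items() directly, so the substitution variables print in arbitrary dict order; iterating sorted(sub_vars.items()) keeps the output comparable between servers when debugging which records a DC registers. The role message above it would also read more easily as a plain if/elif on samdb.am_rodc() and samdb.am_pdc() than as a tuple-keyed dict literal joined with backslash continuations, and that form makes it simple to emit a warning for the (True, True) case the patch itself labels "impossible?".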
> Likewise.
>  
> > diff --git a/python/samba/netcmd/rodc.py b/python/samba/netcmd/rodc.py
> > index 2dc6112..ff2fe09 100644
> > --- a/python/samba/netcmd/rodc.py
> > +++ b/python/samba/netcmd/rodc.py
> > @@ -91,11 +91,12 @@ class cmd_rodc_preload(Command):
> >          destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID())
> >  
> >          local_samdb.transaction_start()
> > -        repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb)
> > +        repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb, destination_dsa_guid)
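Review bot: drs_Replicate is now called with a fifth positional argument, destination_dsa_guid, but the visible hunks do not include the matching change to the drs_Replicate constructor or to its other callers. Unless that change is part of the same commit, this call raises TypeError in cmd_rodc_preload after local_samdb.transaction_start() has already run, so it is worth confirming that the failure path cancels the transaction. Passing the GUID by keyword and wrapping the call across two lines would make the intent explicit and resolve the line length at the same time.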
> I suspect this line is too long.

Thanks Jelmer,

Any thoughts on metze's patches?  (He avoids the whole issue of picking
out unwanted names by moving it to the config file). 

I'll fix up the drs_Replicate missing parameter and get it back to you.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


