AD DC patches including RODC and DNS fixes

Stefan (metze) Metzmacher metze at samba.org
Tue May 6 08:23:38 MDT 2014


On 06.05.2014 15:36, Jelmer Vernooij wrote:
> On Tue, May 06, 2014 at 02:54:29PM +1200, Andrew Bartlett wrote:
>> On Tue, 2014-05-06 at 04:36 +0200, Jelmer Vernooij wrote:
>>> On Tue, May 06, 2014 at 02:04:43PM +1200, Andrew Bartlett wrote:
>>>> From 9041f7a963c27e489e71f094b411c406bb5b5abc Mon Sep 17 00:00:00 2001
>>>> From: Michael Brown <michael at netdirect.ca>
>>>> Date: Thu, 21 Nov 2013 10:56:10 -0500
>>>> Subject: [PATCH 1/2] samba_dnsupdate changes for better RODC support
>>>>
>>>> * samba_dnsupdate: reformat some verbose messages
>>>> * samba_dnsupdate: skip top-level GC DNS entries if we're an RODC
>>>> * samba_dnsupdate: default weight for RODC SRV records should be 100
>>>>   (which matches what Windows 2008R2 does in the same situation)
>>>> * samba_dnsupdate: verbose -> indicate whether server is a RODC/PDC
>>>> * samba_dnsupdate: verbose -> print out substitution vars
>>>> * dns_update_list: add site-specific _ldap SRV entries for RODC
>>>>   (which matches what Windows 2008R2 does in the same situation)
>>>> ---
>>>>  source4/scripting/bin/samba_dnsupdate | 23 +++++++++++++++++------
>>>>  source4/setup/dns_update_list         |  2 ++
>>>>  2 files changed, 19 insertions(+), 6 deletions(-)
>>>>
>>>> diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
>>>> index 68b0f72..02364be 100755
>>>> --- a/source4/scripting/bin/samba_dnsupdate
>>>> +++ b/source4/scripting/bin/samba_dnsupdate
>>>> @@ -168,7 +168,11 @@ def parse_dns_line(line, sub_vars):
>>>>      """parse a DNS line from."""
>>>>      if line.startswith("SRV _ldap._tcp.pdc._msdcs.") and not samdb.am_pdc():
>>>>          if opts.verbose:
>>>> -            print "Skipping PDC entry (%s) as we are not a PDC" % line
>>>> +            print "Skipping PDC entry (%s) as we are not a PDC" % ' '.join(line.split())
>>> What is this supposed to do exactly? Replace tabs with spaces?
>>>
>>> Can we just do the split once per line, at the beginning of this loop?
>>>
>>>> +        return None
>>>> +    if line.split()[1] == "gc._msdcs.${DNSFOREST}" and samdb.am_rodc():
>>> ^^ Urgh. Perhaps just use startswith() rather than using something
>>> that relies on specific variable names?
>>>
>>>> +        if opts.verbose:
>>>> +            print "Skipping GC entry (%s) as we are a RODC" % ' '.join(line.split())
>>>>          return None
>>>>      subline = samba.substitute_var(line, sub_vars)
>>>>      return dnsobj(subline)
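Review bot: the new GC check indexes `line.split()[1]` without confirming that the line has a second field, so a blank or one-token line reaching parse_dns_line would raise IndexError before the substitution step. Split once at the top of the function (`fields = line.split()`), guard with `len(fields) > 1`, and reuse `fields` for both verbose messages instead of calling `' '.join(line.split())` twice. The comparison against the literal `gc._msdcs.${DNSFOREST}` also ties the skip to the exact unsubstituted template text, so a comment stating that the match is deliberately done before `samba.substitute_var` would help the next reader.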
>>>> @@ -451,9 +451,20 @@ if opts.nosubs:
>>>>      sub_vars = {}
>>>>  else:
>>>>      samdb = SamDB(url=lp.samdb_url(), session_info=system_session(), lp=lp)
>>>> +    if opts.verbose:
>>>> +        print "This server is %s" % \
>>>> +            { (False,False): "not a PDC emulator or RODC",
>>>> +              (True, False): "a PDC emulator",
>>>> +              (False,True) : "an RODC",
>>>> +              (True, True) : "a PDC emulator and RODC (impossible?)"}\
>>>> +            [samdb.am_pdc(),samdb.am_rodc()]
>>> Please add a space after commas.
>>>
>>>>      # get the substitution dictionary
>>>>      sub_vars = get_subst_vars(samdb)
>>>> +    if opts.verbose:
>>>> +        print "Substitution variables:"
>>>> +        for k,v in sub_vars.items():
>>>> +            print " %s: %s" % (k,v)
>>> Likewise.
>>>  
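Review bot: the role message at the top of the added verbose block picks its text by indexing a tuple-keyed dict literal with `[samdb.am_pdc(),samdb.am_rodc()]`, which is hard to read and carries a `(True, True)` case the code itself marks as impossible. Storing the two booleans in local variables and using a short if/elif would be clearer. In the substitution-variable loop, iterating over `sorted(sub_vars.items())` would give a predictable order that is easier to scan and to diff between servers.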
>>>> diff --git a/python/samba/netcmd/rodc.py b/python/samba/netcmd/rodc.py
>>>> index 2dc6112..ff2fe09 100644
>>>> --- a/python/samba/netcmd/rodc.py
>>>> +++ b/python/samba/netcmd/rodc.py
>>>> @@ -91,11 +91,12 @@ class cmd_rodc_preload(Command):
>>>>          destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID())
>>>>  
>>>>          local_samdb.transaction_start()
>>>> -        repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb)
>>>> +        repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb, destination_dsa_guid)
>>> I suspect this line is too long.
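Review bot: `destination_dsa_guid` is passed to `drs_Replicate` as a fifth positional argument, and the constructor's definition is not part of the visible diff, so the call depends on a parameter order that cannot be checked here. Passing it by keyword and wrapping the call across two lines would make the intent explicit and settle the line length. The change that adds the parameter to `drs_Replicate` should be part of the same series.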
>>
>> Thanks Jelmer,
>>
>> Any thoughts on metze's patches?  (He avoids the whole issue of picking
>> out unwanted names by moving it to the config file). 
> 
> Which of metze's patches are you referring to?

The dnsupdate related patches in
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-abartlet2
But they're not final!

metze
