[PATCH] DNS and Subdomain patches

Stefan (metze) Metzmacher metze at samba.org
Mon Sep 1 05:54:10 MDT 2014

Hi Andrew,

>> I'm still working on tidying the rest up, but I expect to have it back
>> to you tomorrow.
> The patches that had sufficient review are in master, and the rest is in
> my subdomain-wip tree.
> Can you clarify to me what more you want done on the crossRef partitions
> patch, beyond your improved API (which I'm quite happy with, and I fixed
> to use ctx.domsid)?

The patch is fine.

But reading the context of this change showed a possible 2nd problem
with the same LDAP object.

I see windows used the 'rootTrust' attribute instead of 'trustParent'.

There might be also other related problems.
so it would be good to have a Windows 2012R2 enviroment with
msDS-Behavior-Version=4 with the following 6 domains
in just one forest with 'DC=rootdomain,DC=example,DC=com'
as forestroot:


Then setup the same thing with samba
and compare the objects under
(including the nTSecurityDescriptor attribute).
As well as "*,nTSecurityDescriptor" for the domain (and DomainDnsZones)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140901/f16c6b58/attachment.pgp>

More information about the samba-technical mailing list