[PATCH] DNS and Subdomain patches
Andrew Bartlett
abartlet at samba.org
Tue Sep 2 00:07:40 MDT 2014
On Mon, 2014-09-01 at 13:54 +0200, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
>
> >> I'm still working on tidying the rest up, but I expect to have it back
> >> to you tomorrow.
> >
> > The patches that had sufficient review are in master, and the rest is in
> > my subdomain-wip tree.
> >
> > Can you clarify to me what more you want done on the crossRef partitions
> > patch, beyond your improved API (which I'm quite happy with, and I fixed
> > to use ctx.domsid)?
>
> The patch is fine.

Can you please push it then?

> But reading the context of this change showed a possible 2nd problem
> with the same LDAP object.
>
> I see windows used the 'rootTrust' attribute instead of 'trustParent'.
>
> There might also be other related problems.
> So it would be good to have a Windows 2012R2 environment with
> msDS-Behavior-Version=4 with the following 6 domains
> in just one forest with 'DC=rootdomain,DC=example,DC=com'
> as forestroot:
>
> DC=rootdomain,DC=example,DC=com
> DC=rootlevel1,DC=rootdomain,DC=example,DC=com
> DC=rootlevel2,DC=rootlevel1,DC=rootdomain,DC=example,DC=com
> DC=otherdomain,DC=example,DC=com
> DC=otherlevel1,DC=otherdomain,DC=example,DC=com
> DC=otherlevel2,DC=otherlevel1,DC=otherdomain,DC=example,DC=com

I'm not sure I can promise to create 6 domains any time soon. As each
needs a unique SID, I can't just clone them, and it becomes a total pain
to manage more than just 3 or 4 VMs...

> Then set up the same thing with samba
> and compare the objects under
> CN=Partitions,CN=Configuration,DC=rootdomain,DC=example,DC=com
> (including the nTSecurityDescriptor attribute).
> As well as "*,nTSecurityDescriptor" for the domain (and DomainDnsZones)
> partitions.

Also, can you look at the subdomain-wip branch, not as a final review,
but to let me know if I am working in the right direction? Do you have
any comments on the approach taken in the patch? Is the idea to use smb
signing in winbindd reasonable?

Thanks,

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba