[PATCH] Add a new tool, 'samba-tool domain clone'
Andrew Bartlett
abartlet at samba.org
Thu Aug 20 03:51:26 UTC 2015
On Thu, 2015-08-20 at 10:07 +1200, Andrew Bartlett wrote:
> On Wed, 2015-08-19 at 06:56 +0200, Stefan Metzmacher wrote:
> > Hi Andrew,
> >
> > > > > If you just want to test the replication you can use net rpc
> > > > > vampire
> > > > > keytab,
> > > > > but I guess it's not just replication you want to test...
> > > No, what I'm interested in is joining a domain without creating
> > > objects, to confirm:
> > > - that we can indeed import the schema
> > > - that the import is correct (we can use tools like ldapcmp to
> > > verify)
> > > - that we support the functional levels etc
> > >
> > > The idea is that we would encourage admins to run 'samba-tool
> > > domain
> > > clone' as a discovery measure, before committing to having Samba
> > > objects in their directory, that would have to be removed again.
> > >
> > > To make it even safer, I've extended the tool to have a --include
> > > -secrets option that asks the Windows 2008 or later server not to
> > >
> > > send
> > > us the secret values, and to make decrypting them fail if we get
> > > them
> > > regardless. This would allow us as developers to obtain a copy
> > > of
> > > a
> > > failing Samba domain from production sites for analysis, without
> > > risking the most private values.
> >
> > Ok.
> >
> > I'm still not really happy with the name 'samba-tool domain clone'.
> > I'd like to make it more obvious that this is just for
> > testing/simulating.
> > Maybe something like 'samba-tool domain simulate-initial
> > -replication',
> > but that's a bit long. Any better ideas?
>
> I understand your concerns, and I'll think about a better name.
What about online-export or (less preferred) drs-export?
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150820/ae3b4cab/signature.sig>
More information about the samba-technical
mailing list