More KCC patches

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Wed Jun 10 16:31:42 MDT 2015


hi Denis,

On 11/06/15 09:12, Denis Cardon wrote:
> 
> Just to be sure, in order to test the new kcc, the only thing to add to
> smb.conf file is kccsrv:samba_kcc = true ?

I believe so, and thank you for trying!

> I checked out the kcc-intersite-29 branch on a 2 samba DCs replicating
> the same domain (upgraded from 4.2.0):
>  git clone git://git.catalyst.net.nz/samba.git
>  git checkout kcc-intersite-29
>  git branch
>        kcc-intersite-28
>      * kcc-intersite-29
>        master
>  ./configure
>  make
>  make install
> 
> Then change smb.conf with kccsrv:samba_kcc = true and restart samba
> 
> [root at srvads.tranq samba]# samba -V
> Version 4.3.0pre1-GIT-46431e3
> 
> There is no visible regression, everything is working fine and
> replication is ok both ways.
> 
> However I have two issues when trying the new samba_kcc:
> 
> If I remove the connection object from the console "site and services
> active directory", and run samba_kcc by hand, I get 10 "loopback"
> replication connections automatically created... (cf. attachment). The
> mmc display looks coherent with what samba-tool drs showrepl says.
> 
> The test domain has seen almost all the samba releases from the late
> beta onward (and had quite a tumultuous life), so perhaps I'll try
> tomorow on a more pristine domain...

Well, real life Samba installs have tumultuous lives too, so this is
still a useful test.

Would it be possible for us to get an ldif dump of the network? Via
something like this:

./bin/samba_kcc --exportldif=mysite.ldif -H
ldap://win2012r2-2.ad.example.com \
    -Uadministrator%password

Please send it privately if there's anything secret about the network.

> Another thing : if I delete all the automatically created connexion and
> then create the connexion by hand, replication is working fine, however,
> when running samba_kcc, I then get the following error :
> 
> [root at srvads.tranq samba]# samba_kcc
> 'module' object has no attribute 'replSchedule'
> 
> Taking a look at the drsblobs object :
> 
>>>> drsblobs.replSchedule
> Traceback (most recent call last):
>   File "<console>", line 1, in <module>
> AttributeError: 'module' object has no attribute 'replSchedule'
>>>> drsblobs
> <module 'samba.dcerpc.drsblobs' from
> '/usr/local/samba/lib/python2.7/site-packages/samba/dcerpc/drsblobs.so'>
>>>> dir(drsblobs)
> ['AuthInfoClear', 'AuthInfoNT4Owf', .... , 'schedule', .... ]
> 
> The drsblobs object has a "schedule" attribute but not a "replSchedule",
> which is actually coherent with the ./librpc/idl/drsblobs.idl file from
> my checkout. Perhaps I have messed up with my git tree...

One thing that has caught us out a few times is the *.pyc files that
python compiles from the .py modules. The build process doesn't track
them, and python works out when to regenerate using the timestamps. A
git checkout gives files the timestamps that git thinks they should,
rather than the time of the checkout, so python misses the change and
you get all kinds of weird errors. We have taken to using lines like
this for our tests:

  make -j && find . -name \*.pyc -delete && bin/samba_kcc [...]

> By the way, looking a the kcc computation logic code, it is really mind
> bloggling! Keep on the good job!

It is fair to say that Garming and I frequently suffered from boggled
minds in the course of this work.

cheers,
Douglas


More information about the samba-technical mailing list