[PATCH] make samba-tool aware of all 7 fsmo roles

Rowland Penny repenny241155 at gmail.com
Wed May 20 05:21:23 MDT 2015


On 20/05/15 08:11, Stefan (metze) Metzmacher wrote:
> Hi Rowland,
>
>> It will via 'samba-tool fsmo show' display the 7 roles, the well known 5
>> and the 2 dns ones
>> It will transfer any or all of the roles (it actually seizes the 2 dns
>> roles, this seems to be the only way to do it)
>> it will seize all of the roles.
> Thank you very much for working on this!
>
> This should be able to fix https://bugzilla.samba.org/show_bug.cgi?id=10734
>
>>  From b1d6a6de51666b40a794512ed7e6e495a2aca319 Mon Sep 17 00:00:00 2001
>> From: Rowland Penny <repenny241155 at gmail.com>
>> Date: Tue, 19 May 2015 17:02:02 +0100
>> Subject: [PATCH 2/2] make samba-tool aware of all 7 fsmo roles Signed-off-by:
>>   Rowland Penny <repenny241155 at gmail.com>
> Can you change the commit message to this:
>
>      samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo roles
>
>      BUG: https://bugzilla.samba.org/show_bug.cgi?id=10734
>
>      Signed-off-by: Rowland Penny <repenny241155 at gmail.com>

Hi Stefan,

Done

>
>> ---
>>   python/samba/netcmd/fsmo.py |   58 +++++++++++++++++++++++++++++++++++++++----
>>   1 file changed, 53 insertions(+), 5 deletions(-)
>>
>> diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
>> index 1bc4a96..326d9ce 100644
>> --- a/python/samba/netcmd/fsmo.py
>> +++ b/python/samba/netcmd/fsmo.py
>> @@ -50,6 +50,7 @@ def transfer_role(outf, role, samdb):
>>           m["becomeDomainMaster"]= ldb.MessageElement(
>>               "1", ldb.FLAG_MOD_REPLACE,
>>               "becomeDomainMaster")
>> +        samdb.modify(m)
>>       elif role == "infrastructure":
>>           m["becomeInfrastructureMaster"]= ldb.MessageElement(
>>               "1", ldb.FLAG_MOD_REPLACE,
> Why this hunk? samdb.modify(m) is called further down.
>
> This seems to revert the patch from
> https://bugzilla.samba.org/show_bug.cgi?id=10924

OOPS, missed that bug report (and the line that shouldn't be there), I 
was also working from an earlier version of fsmo.py and just cut & 
pasted the entire file over the original, won't do that again.

>
>> @@ -58,6 +59,26 @@ def transfer_role(outf, role, samdb):
>>           m["becomeSchemaMaster"]= ldb.MessageElement(
>>               "1", ldb.FLAG_MOD_REPLACE,
>>               "becomeSchemaMaster")
>> +    elif role == "domaindns":
>> +        # this would work in the same way as the infrastructure role if the schema allowed it
>> +        # but it doesn't, so will have to sieze
> Can you explain this a bit?
> What is this different (in detail)?

To tranfer the main 5 roles, you just create an attribute called 
'become****' containing '1' in the DN that you want to transfer i.e. 
create 'becomeRidMaster: 1' to transfer the RIDMaster role. There isn't 
a 'become****' attribute for the two dns roles (or at least I cannot 
find them and believe me, I tried), so it seems the only way to change 
them is to seize them.

>
>> +        domain_dn = samdb.domain_dn()
>> +        domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
> As the dns zones are optional, we should check they exist and give
> a proper error/warning message if we don't find them.
>
> That applies also to the other hunks below.

Hopefully the changes I have made will cover what you asked for.

>
>> +        m.dn = ldb.Dn(samdb, domaindns_dn)
>> +        dro = samdb.get_dsServiceName()
>> +        m["fSMORoleOwner"]= ldb.MessageElement(
>> +            "%s" % dro, ldb.FLAG_MOD_REPLACE,
>> +            "fSMORoleOwner")
>> +    elif role == "forestdns":
>> +        # this would work in the same way as the infrastructure role if the schema allowed it
>> +        # but it doesn't, so will have to sieze
>> +        domain_dn = samdb.domain_dn()
>> +        forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + domain_dn
>> +        m.dn = ldb.Dn(samdb, forestdns_dn)
>> +        fro = samdb.get_dsServiceName()
>> +        m["fSMORoleOwner"]= ldb.MessageElement(
>> +            "%s" % fro, ldb.FLAG_MOD_REPLACE,
>> +            "fSMORoleOwner")
>>       else:
>>           raise CommandError("Invalid FSMO role.")
>>       try:
>> @@ -66,7 +87,6 @@ def transfer_role(outf, role, samdb):
>>           raise CommandError("Failed to initiate transfer of '%s' role: %s" % (role, msg))
>>       outf.write("FSMO transfer of '%s' role successful\n" % role)
>>   
>> -
>>   class cmd_fsmo_seize(Command):
>>       """Seize the role."""
> I think we should leave the empty line above...

Line left in :-)

see latest attached patch

Rowland
>> @@ -82,13 +102,15 @@ class cmd_fsmo_seize(Command):
>>           Option("-H", "--URL", help="LDB URL for database or target server", type=str,
>>                  metavar="URL", dest="H"),
>>           Option("--force", help="Force seizing of the role without attempting to transfer first.", action="store_true"),
>> -        Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
>> +        Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","domaindns","forestdns","all"],
>>                  help="""The FSMO role to seize or transfer.\n
>>   rid=RidAllocationMasterRole\n
>>   schema=SchemaMasterRole\n
>>   pdc=PdcEmulationMasterRole\n
>>   naming=DomainNamingMasterRole\n
>>   infrastructure=InfrastructureMasterRole\n
>> +domaindns=DomainDnsZonesMasterRole\n
>> +forestdns=ForestDnsZonesMasterRole\n
>>   all=all of the above"""),
>>           ]
>>   
>> @@ -104,6 +126,8 @@ all=all of the above"""),
>>           self.naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>>           self.schema_dn = str(samdb.get_schema_basedn())
>>           self.rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>> +        self.domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>> +        self.forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + domain_dn
>>   
>>           m = ldb.Message()
>>           if role == "rid":
>> @@ -116,6 +140,10 @@ all=all of the above"""),
>>               m.dn = ldb.Dn(samdb, self.infrastructure_dn)
>>           elif role == "schema":
>>               m.dn = ldb.Dn(samdb, self.schema_dn)
>> +        elif role == "domaindns":
>> +            m.dn = ldb.Dn(samdb, self.domaindns_dn)
>> +        elif role == "forestdns":
>> +            m.dn = ldb.Dn(samdb, self.forestdns_dn)
>>           else:
>>               raise CommandError("Invalid FSMO role.")
>>           #first try to transfer to avoid problem if the owner is still active
>> @@ -155,6 +183,8 @@ all=all of the above"""),
>>               self.seize_role("naming", samdb, force)
>>               self.seize_role("infrastructure", samdb, force)
>>               self.seize_role("schema", samdb, force)
>> +            self.seize_role("domaindns", samdb, force)
>> +            self.seize_role("forestdns", samdb, force)
>>           else:
>>               self.seize_role(role, samdb, force)
>>   
>> @@ -189,6 +219,8 @@ class cmd_fsmo_show(Command):
>>           self.naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>>           self.schema_dn = samdb.get_schema_basedn()
>>           self.rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>> +        self.domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>> +        self.forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + domain_dn
>>   
>>           res = samdb.search(self.infrastructure_dn,
>>                              scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> @@ -215,12 +247,23 @@ class cmd_fsmo_show(Command):
>>           assert len(res) == 1
>>           self.ridMaster = res[0]["fSMORoleOwner"][0]
>>   
>> +        res = samdb.search(self.domaindns_dn,
>> +                           scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> +        assert len(res) == 1
>> +        self.domaindnszonesMaster = res[0]["fSMORoleOwner"][0]
>> +
>> +        res = samdb.search(self.forestdns_dn,
>> +                           scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> +        assert len(res) == 1
>> +        self.forestdnszonesMaster = res[0]["fSMORoleOwner"][0]
>> +
>> +        self.message("SchemaMasterRole owner: " + self.schemaMaster)
>>           self.message("InfrastructureMasterRole owner: " + self.infrastructureMaster)
>>           self.message("RidAllocationMasterRole owner: " + self.ridMaster)
>>           self.message("PdcEmulationMasterRole owner: " + self.pdcEmulator)
>>           self.message("DomainNamingMasterRole owner: " + self.namingMaster)
>> -        self.message("SchemaMasterRole owner: " + self.schemaMaster)
>> -
>> +        self.message("DomainDnsZonesMasterRole owner: " + self.domaindnszonesMaster)
>> +        self.message("ForestDnsZonesMasterRole owner: " + self.forestdnszonesMaster)
>>   
>>   class cmd_fsmo_transfer(Command):
>>       """Transfer the role."""
>> @@ -236,13 +279,15 @@ class cmd_fsmo_transfer(Command):
>>       takes_options = [
>>           Option("-H", "--URL", help="LDB URL for database or target server", type=str,
>>                  metavar="URL", dest="H"),
>> -        Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
>> +        Option("--role", type="choice", choices=["rid","pdc","infrastructure","schema","naming","domaindns","forestdns","all"],
>>                  help="""The FSMO role to seize or transfer.\n
>>   rid=RidAllocationMasterRole\n
>>   schema=SchemaMasterRole\n
>>   pdc=PdcEmulationMasterRole\n
>>   naming=DomainNamingMasterRole\n
>>   infrastructure=InfrastructureMasterRole\n
>> +domaindns=DomainDnsZonesMasterRole\n
>> +forestdns=ForestDnsZonesMasterRole\n
>>   all=all of the above"""),
>>           ]
>>   
>> @@ -263,6 +308,8 @@ all=all of the above"""),
>>               transfer_role(self.outf, "naming", samdb)
>>               transfer_role(self.outf, "infrastructure", samdb)
>>               transfer_role(self.outf, "schema", samdb)
>> +            transfer_role(self.outf, "domaindns", samdb)
>> +            transfer_role(self.outf, "forestdns", samdb)
>>           else:
>>               transfer_role(self.outf, role, samdb)
>>   
>> @@ -274,3 +321,4 @@ class cmd_fsmo(SuperCommand):
>>       subcommands["seize"] = cmd_fsmo_seize()
>>       subcommands["show"] = cmd_fsmo_show()
>>       subcommands["transfer"] = cmd_fsmo_transfer()
>> +
> This extra line is also not needed...
>
> Thanks!
> metze
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-samba-tool-make-samba-tool-fsmo-aware-of-all-7-fsmo-.patch
Type: text/x-diff
Size: 7114 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150520/a0250844/attachment.patch>


More information about the samba-technical mailing list