[PATCH] make samba-tool aware of all 7 fsmo roles

Stefan (metze) Metzmacher metze at samba.org
Wed May 20 11:36:45 MDT 2015

Am 20.05.2015 um 18:48 schrieb Rowland Penny:
> On 20/05/15 17:33, Stefan (metze) Metzmacher wrote:
>> Am 20.05.2015 um 18:21 schrieb Rowland Penny:
>>> On 20/05/15 17:06, Stefan (metze) Metzmacher wrote:
>>>> Hi Rowland,
>>>>>> Can you change the commit message to this:
>>>>>>        samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo roles
>>>>>>        BUG: https://bugzilla.samba.org/show_bug.cgi?id=10734
>>>>>>        Signed-off-by: Rowland Penny <repenny241155 at gmail.com>
>>>>> Hi Stefan,
>>>>> Done
>>>> I don't see an updated commit message...
>>> Ah, sorry, missed the bug line.
>>>>>>> @@ -58,6 +59,26 @@ def transfer_role(outf, role, samdb):
>>>>>>>             m["becomeSchemaMaster"]= ldb.MessageElement(
>>>>>>>                 "1", ldb.FLAG_MOD_REPLACE,
>>>>>>>                 "becomeSchemaMaster")
>>>>>>> +    elif role == "domaindns":
>>>>>>> +        # this would work in the same way as the infrastructure
>>>>>>> role
>>>>>>> if the schema allowed it
>>>>>>> +        # but it doesn't, so will have to sieze
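Review bot: In the new `elif role == "domaindns":` branch of transfer_role, the comment says the role "will have to sieze", so a caller who asked for a transfer gets a seize under the name of a transfer. I would either make this branch fail with a message that points the user to an explicit seize, or print a clear warning before falling back, so the two operations stay distinguishable. The comment should also say what exactly the schema does not allow (which attribute is missing), and "sieze" should read "seize".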
>>>>>> Can you explain this a bit?
>>>>>> What is this different (in detail)?
>>>>> To transfer the main 5 roles, you just create an attribute called
>>>>> 'become****' containing '1' in the DN that you want to transfer i.e.
>>>>> create 'becomeRidMaster: 1' to transfer the RIDMaster role. There isn't
>>>>> a 'become****' attribute for the two dns roles (or at least I cannot
>>>>> find them and believe me, I tried), so it seems the only way to change
>>>>> them is to seize them.
>>>> Wouldn't it be better to simulate the becomeROLE change behaviour?
>>> Well possibly, but how?
>>> Please bear in mind, until I started looking into this, python was a
>>> very big snake to me, I am used to writing bash scripts :-)
>> :-)
>> I'll try to come up with a fix for it.
> Hang on, I have been doing some more investigations into this and see
> here: https://msdn.microsoft.com/en-us/library/cc223309.aspx
> It seems that you run the transfer on the DC you want to transfer the
> roles to, I suppose that 'becomeInfrastructureMaster' is a big clue :-)
> There are no 'becomeDomainDNSMaster' & 'becomeForestDNSMaster'
> attributes, so, yes you could write something that sort of uses those
> attribute names but it would boil down in the end to basically what I
> came up with, changing the fSMORoleOwner contents, this is what
> 'become*****' seems to do anyway i.e. it is just a shortcut!

But becomeInfrastructureMaster doesn't change the local database,
but instead it does a DRSUAPI_EXOP_FSMO_REQ_ROLE operation to the current
role owner, which avoids having two owners at a time.

But I can take care of that part if you want.
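
The "two owners at a time" condition described above can be checked from the outside. The following is an added example, not part of the original message or of the samba-tool patch: it compares the fSMORoleOwner value each DC reports from its own replica and flags roles where the DCs disagree. The LDIF input and the domain, site and DC names are constructed, and how the LDIF is collected from each DC is left out.

```python
from collections import defaultdict

def parse_owners(ldif):
    """Return {role object DN: fSMORoleOwner value} from LDIF text."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    owners, dn = {}, None
    for line in lines:
        key, _, value = line.partition(": ")
        if key.lower() == "dn":
            dn = value.strip().lower()      # DNs compare case-insensitively
        elif key.lower() == "fsmoroleowner" and dn:
            owners[dn] = value.strip().lower()
    return owners

def split_roles(views):
    """views: {DC name: LDIF read from that DC}. Return roles whose owner
    differs between DCs as {role DN: {owner DN: [DCs reporting it]}}."""
    seen = defaultdict(lambda: defaultdict(list))
    for dc, ldif in sorted(views.items()):
        for role_dn, owner in parse_owners(ldif).items():
            seen[role_dn][owner].append(dc)
    return {r: dict(o) for r, o in seen.items() if len(o) > 1}

# Constructed sample data (made-up domain, site and DC names).
def ntds(dc):
    return ("CN=NTDS Settings,CN=%s,CN=Servers,CN=Site1,CN=Sites,"
            "CN=Configuration,DC=example,DC=com" % dc)

INFRA = "CN=Infrastructure,DC=example,DC=com"
DOMAINDNS = "CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com"

def view(infra_owner, dns_owner):
    return "dn: %s\nfSMORoleOwner: %s\n\ndn: %s\nfSMORoleOwner: %s\n" % (
        INFRA, ntds(infra_owner), DOMAINDNS, ntds(dns_owner))

SAMPLE = {
    # DC2 wrote itself in as DomainDnsZones owner in its local database;
    # DC1 has not received that change and still names itself.
    "dc1": view("DC1", "DC1"),
    "dc2": view("DC1", "DC2"),
}

if __name__ == "__main__":
    for role, owners in split_roles(SAMPLE).items():
        print("SPLIT OWNER", role, owners)
```

A non-empty result shortly after a role change can simply mean replication has not caught up; a disagreement that persists is the case to investigate.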

