samba_upgradedns (was: Re: [PATCH] fix for bug 10882)
Andrew Bartlett
abartlet at samba.org
Thu Sep 22 13:42:31 UTC 2016
On Thu, 2016-09-08 at 22:02 +0100, Rowland Penny wrote:
>
>
> I am now having second thoughts, perhaps this is the right place and
> I
> now think Andrew is wrong!!
>
> I have been re-reading the samba_upgradedns code, the original code
> only deleted the 'dns-*' users if you were upgrading to
> 'SAMBA_INTERNAL', it also only checked for the 'dns-*' user in
> secrets.ldb and only then if you were upgrading to 'BIND(_DLZ'.
> After checking and not deleting any user (remember most people would
> be
> running this code if they had rather foolishly deleted the 'dns-*'
> user
> in sam.ldb) it then goes on to totally recreate the dns directory,
> this
> must be more disruptive than recreating a keytab that is only used by
> the DC.
>
> My changes just make the user deletions happen before anything else
> and
> it checks in both locations and what's more it works.
I still disagree with removing accounts before the validation or
verification steps.
However, I want to assure you that some progress is being made in this
area, and it hans't been lost.
As part of Bob's intern-ship with Catalyst, Garming and Bob have been
writing up some tests for this area, including with old databases, in
the style of our dbcheck-oldrelease.sh test. This and the existing
tests for this code should give us the testing background to then allow
forward progress here.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list