[Samba] samba4.1 RODC with BIND as DNS backend
abartlet at samba.org
Tue Nov 19 11:32:03 MST 2013
On Tue, 2013-11-19 at 11:36 -0500, Michael Brown wrote:
> On 13-11-19 01:02 AM, Andrew Bartlett wrote:
> > I like it very much. I assume you tested it and it fixes the issue?
> Near as I can tell. It does what I intended it to do, but I have no
> assurance that I was correct in doing so. But this kind of thing is what
> I'm spending ALL my time on for the next two weeks.
> > If so, can you post it as a 'git format-patch -1' formatted patch so I
> > can review it and get it into master?
> I just joined a Windows RODC to the same site in my lab to compare
> behaviour. It used the other (samba4) DNS server to create records. I
> got a few messages in the named log that concern me:
> Nov 19 10:41:34 sles-shire named: samba_dlz: failed to modify DC=@,DC=main.adlab.netdirect.ca,CN=MicrosoftDNS,DC=DomainDnsZones,DC=main,DC=adlab,DC=netdirect,DC=ca - Invalid LDB reply type 1
> ... (no idea what to do)
We may need code in the DLZ module to ask it to outright refuse all
modifications up front, and to never attempt to make modifications
itself. After all, it is an RODC.
Any DNS records it must update should be done via the samba_dnsupdate
script because that knows how to ask the RW DC to do it (over
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba