[Samba] samba_kcc RODC failes with NT_STATUS_ACCESS_DENIED
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Sat Nov 11 00:15:11 UTC 2017
hi Andrej,
Yes, this is the correct fix:
> diff --git a/python/samba/kcc/__init__.py b/python/samba/kcc/__init__.py
> index 6f973ea..46689da 100644
> --- a/python/samba/kcc/__init__.py
> +++ b/python/samba/kcc/__init__.py
> @@ -1498,13 +1498,13 @@ class KCC(object):
> dsdb.NTDSSITELINK_OPT_DISABLE_COMPRESSION) != 0):
> cn.options |= \
> dsdb.NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION
> cn.set_modified(True)
>
> # Display any modified connection
> - if self.readonly:
> + if self.readonly or ldsa.is_ro():
> if cn.to_be_modified:
> logger.info("TO BE MODIFIED:\n%s" % cn)
>
> ldsa.commit_connections(self.samdb, ro=True)
> else:
> ldsa.commit_connections(self.samdb)
> @@ -1582,13 +1582,13 @@ class KCC(object):
> dsdb.SYSTEM_FLAG_CONFIG_ALLOW_MOVE)
>
> cn = lbh.new_connection(opt, system_flags, transport,
> rbh.dsa_dnstr, link_sched)
>
> # Display any added connection
> - if self.readonly:
> + if self.readonly or lbh.is_ro():
> if cn.to_be_added:
> logger.info("TO BE ADDED:\n%s" % cn)
>
> lbh.commit_connections(self.samdb, ro=True)
> else:
> lbh.commit_connections(self.samdb)
>
Can you format it as a patch with a Signed-off-by and send it to
samba-technical?
The KCC can't really do much on an RODC (because it is read-only), but
it shouldn't crash here because of the few useful things it can do,
like tidy up the non-replicated repsFrom objects.
Samba has no automatic way of managing the replication links for
RODCs, and we are not really sure how Windows does it.
cheers,
Douglas
More information about the samba
mailing list