[PATCH] DNS and Subdomain patches
Stefan (metze) Metzmacher
metze at samba.org
Mon Sep 1 05:54:10 MDT 2014
Hi Andrew,
>> I'm still working on tidying the rest up, but I expect to have it back
>> to you tomorrow.
>
> The patches that had sufficient review are in master, and the rest is in
> my subdomain-wip tree.
>
> Can you clarify to me what more you want done on the crossRef partitions
> patch, beyond your improved API (which I'm quite happy with, and I fixed
> to use ctx.domsid)?
The patch is fine.
But reading the context of this change showed a possible 2nd problem
with the same LDAP object.
I see windows used the 'rootTrust' attribute instead of 'trustParent'.
There might be also other related problems.
so it would be good to have a Windows 2012R2 enviroment with
msDS-Behavior-Version=4 with the following 6 domains
in just one forest with 'DC=rootdomain,DC=example,DC=com'
as forestroot:
DC=rootdomain,DC=example,DC=com
DC=rootlevel1,DC=rootdomain,DC=example,DC=com
DC=rootlevel2,DC=rootlevel1,DC=rootdomain,DC=example,DC=com
DC=otherdomain,DC=example,DC=com
DC=otherlevel1,DC=otherdomain,DC=example,DC=com
DC=otherlevel2,DC=otherlevel1,DC=otherdomain,DC=example,DC=com
Then setup the same thing with samba
and compare the objects under
CN=Partitions,CN=Configuration,DC=rootdomain,DC=example,DC=com
(including the nTSecurityDescriptor attribute).
As well as "*,nTSecurityDescriptor" for the domain (and DomainDnsZones)
partitions.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140901/f16c6b58/attachment.pgp>
More information about the samba-technical
mailing list