summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-11-20 14:59:17 +1100
committerStefan Metzmacher <metze@samba.org>2013-01-17 15:10:10 +0100
commit316fd085ad2b587b82d817358240f84ae054a543 (patch)
treed5a376e76b97ae299b90501a4c22e8523dfc4cee
parent6a1025551eb5b343ec996ae0c642d542162e8910 (diff)
downloadsamba-316fd085ad2b587b82d817358240f84ae054a543.tar.gz
samba-316fd085ad2b587b82d817358240f84ae054a543.tar.bz2
samba-316fd085ad2b587b82d817358240f84ae054a543.zip
drs-fsmo: Improve handling of FSMO role takeover.
This needs to be more async, and give less scary errors. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source4/dsdb/repl/drepl_fsmo.c5
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c11
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c3
3 files changed, 14 insertions, 5 deletions
diff --git a/source4/dsdb/repl/drepl_fsmo.c b/source4/dsdb/repl/drepl_fsmo.c
index 0e83982ab4..37fb684f47 100644
--- a/source4/dsdb/repl/drepl_fsmo.c
+++ b/source4/dsdb/repl/drepl_fsmo.c
@@ -108,9 +108,8 @@ NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
return NT_STATUS_OK;
}
- if (is_us ||
- (extended_op == DRSUAPI_EXOP_NONE)) {
- DEBUG(0,("FSMO role check failed for DN %s and owner %s \n",
+ if (is_us) {
+ DEBUG(5,("FSMO role check failed, we already own DN %s with %s\n",
ldb_dn_get_linearized(fsmo_role_dn),
ldb_dn_get_linearized(role_owner_dn)));
r->out.result = WERR_OK;
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index ba71b5f8ff..add83d293a 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -1377,9 +1377,18 @@ static int rootdse_become_master(struct ldb_module *module,
fsmo->ldb = ldb;
fsmo->req = req;
- /* we send the call asynchronously, as the ldap client is
+ /*
+ * we send the call asynchronously, as the ldap client is
* expecting to get an error back if the role transfer fails
+ *
+ * We need more than the default 10 seconds IRPC allows, so
+ * set a longer timeout (default ldb timeout is 300 seconds).
+ * We send an async reply when we are done.
+ *
+ * We are the first module, so don't bother working out how
+ * long we have spent so far.
*/
+ dcerpc_binding_handle_set_timeout(irpc_handle, req->timeout);
treq = dcerpc_drepl_takeFSMORole_send(req, ldb_get_event_context(ldb), irpc_handle, role);
if (treq == NULL) {
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index c3fd000e8a..575d037110 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -2022,7 +2022,8 @@ allowed:
werr = drsuapi_UpdateRefs(b_state, mem_ctx, &ureq);
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0,(__location__ ": Failed UpdateRefs in DsGetNCChanges - %s\n",
+ DEBUG(0,(__location__ ": Failed UpdateRefs on %s for %s in DsGetNCChanges - %s\n",
+ drs_ObjectIdentifier_to_string(mem_ctx, ncRoot), ureq.dest_dsa_dns_name,
win_errstr(werr)));
}
}