| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The "serverReference" attribute is available on the "server" object
not on the "nTDSA" object.
This allows connections to RODCs, as they don't have a
E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
principal.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 14 18:57:41 CEST 2012 on sn-devel-104
|
|
This uses a GUID based comparison, and avoids re-fetching the
samdb_ntds_settings_dn each time.
Andrew Bartlett
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 14 13:58:31 CEST 2012 on sn-devel-104
|
|
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
|
|
The index into the elements needs to match between
msg->elements and md->ctr.ctr1.array, which means we should
pre-allocate them with the same size.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
|
|
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
|
|
This reworks dsdb_replicated_objects_commit() to have a proper local tmp_ctx and
to be more careful about what schema is set (only setting a global schema if
the original schema was global).
In particular, the new working_schema is not given a talloc reference
to the old schema. This ensures that the old schema can go away when
no longer used.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Aug 11 10:31:57 CEST 2012 on sn-devel-104
|
|
msg->elements on RODC replication
It's very important that the order of msg->elements and md->ctr.ctr1.array
is the same.
metze
|
|
Based on a patch proposal by Matthieu Patou <mat@matws.net>.
Andrew Bartlett
|
|
|
|
We should prevent this much further up the stack, but at least add a choke
at this point for now.
Additionally, this avoids administrator-forced replications causing
considerable damange to the directory.
Andrew Bartlett
|
|
This allows the parent to be renmaed while a new object is added on another replica.
This rename may also be a delete, in which case we must move it to lostandfound.
Andrew Bartlett
|
|
We need to have the struct dreplsrv_partition_source_dsa around until the end of the
async op, so we use talloc_reference after carefully checking the callers and
making the modifications required.
This prevents a crash when replicating partitions in the vampire_dc test after
adding DNS replication at join time.
Andrew Bartlett
|
|
they have to reload the schema
|
|
controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Mar 14 11:59:02 CET 2012 on sn-devel-104
|
|
anymore in reps*"
This reverts commit 5bfd6251eb22ff701184a95649822a73cf4d157b.
This change has been causing regular segfaults in the build farm since
it was applied. I also think it may be unnecessary as
dreplsrv_refresh_partitions() should already be achieving the same
thing (removing stale replication targets).
I think the segfaults were caused by freeing an in-flight DSA, but I
have been unable to reproduce it outside of the build farm
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Feb 1 07:49:42 CET 2012 on sn-devel-104
|
|
in reps*
Servers connection can be removed from repsTo and respFrom either due to
DC demote or topology change by the KCC, if a server is removed from the
reps* it must be effectivly removed from the list of server that we will
contact for getNcChanges and for replicaSync.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 5 19:56:09 CET 2011 on sn-devel-104
|
|
the one we want to use
|
|
|
|
Sometimes windows DC will set up dNSHostname before setting up
GC SPN and that causes replication errors since samba tries to
use GC SPN, which does not yet exist locally.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
To replicate application partitions (e.g. DNS partitions) consult
msDs-hasMasterNCs attribute as well. Also, make sure we don't add
same partition twice in the list. hasMasterNCs and msDs-hasMasterNCs
have domain, configuration and schema partitions common.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this sets DSDB_REPL_FLAG_PARTIAL_REPLICA when replicating a RODC
partition, which tells the replication code to map instanceType to
remove the INSTANCE_TYPE_WRITE bit
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
when doing DRS between domains, using the right SPN is essential so
the KDC can generate referrals to point us at the right DC. We prefer
the GC/hostname/DNSDOMAIN form if possible, but if we can't find the
hostname then this changes the code that generates the target
principal name to use either the msDS-HasDomainNCs or hasMasterNCs
attributes to try to find the target DC domainname so we can use the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/GUID/DNSDOMAIN SPN form.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this control tells the partition module that the DN being created is a
partial replica, so it should modify the @PARTITION object to add the
partialReplica attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this adds a flag to dsdb_origin_objects_commit that tells it to create
a new NC based on the nCName in a crossRef object
|
|
|
|
when we receive objects to a partial replica, we need to change the
incoming instanceType to not include the INSTANCE_TYPE_WRITE
flag. Partial replicas unset this flag.
|
|
this sets the appropriate flags for replication with FULL_SYNC and
partial replica replications
|
|
|
|
when we find a NC via a DN string, fill in the GUID and SID so the
caller can properly report them
|
|
this allows us to use the DN from a hasPartialReplicaNCs attribute to
create a reps1 object
|
|
we need to create a temporary dsa object to allow the replication task
to replicate a NC that is not listed in a repsFrom attribute
|
|
we need to use the hasMasterNCs and hasPartialReplicaNCs attributes on
our NTDS object to get the list of NCs to replicate, instead of using
the rootDSE. This is needed to support replicating of GC partial
replicas, which are not listed in the rootDSE
|
|
if we are replicating a partial replica, then we need to supply the
partial attribute set we want to replicate to the server
|
|
another multi-domain fix
|
|
|
|
This happens if we have a custom schema - we need to build up the schema until
it loads, by converting more objects.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Aug 9 13:10:25 CEST 2011 on sn-devel-104
|
|
gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
|
|
Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed May 11 21:03:59 CEST 2011 on sn-devel-104
|
|
This avoid symbol and structure conflicts between Samba3 and Samba4,
and chooses a less generic name.
Andrew Bartlett
|
|
this gives the administrator a proper error message on the command
line
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We don't need all object attributes resolved and converted for a working
schema to be functional.
|
|
during replicated object convert stage.
The problem is that we may have loops in schema graph and we can't
resolve those loops in just one pass. Ignoring some attributes
conversion will allow us to have a functional schema cache that we
can use later to resolve all attribute OIDs on another pass
|
|
run_pending_ops directly
Executing dreplsrv_run_pending_ops() directly may cause a segfault
as in case of failure, the _drepl_replica_sync_done_cb() callback
gets called *before* drepl_replica_sync() returns. In such case,
irpc message gets freed twice - once when irpc_send_reply() gets called
and once when drepl_replica_sync() returns
|
|
last success
|
|
1. Take into account DSA options - we should not send replication
requests in case OUTBOUND_REPLICATION is disabled
2. Use replication flags for the operation to determine if
a forced replication is requested
3. In case outbound replication is disabled and we don't have
DRSUAPI_DRS_SYNC_FORCED flag set, then we should record
WERR_DS_DRA_SINK_DISABLED error as a last replication result
|
|
|
