1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

samba-tool drs: Ensure we do not replicate all secrets to an RODC, even with --local

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
This commit is contained in:
Andrew Bartlett 2015-02-20 17:54:32 +13:00
parent 023055ec80
commit 67c041ab76

View File

@ -265,8 +265,11 @@ def drs_local_replicate(self, SOURCE_DC, NC):
repl = drs_utils.drs_Replicate("ncacn_ip_tcp:%s[seal]" % self.server, self.lp, repl = drs_utils.drs_Replicate("ncacn_ip_tcp:%s[seal]" % self.server, self.lp,
self.creds, self.local_samdb, dest_dsa_invocation_id) self.creds, self.local_samdb, dest_dsa_invocation_id)
# Work out if we are an RODC, so that a forced local replicate
# with the admin pw does not sync passwords
rodc = self.local_samdb.am_rodc()
try: try:
repl.replicate(NC, source_dsa_invocation_id, destination_dsa_guid) repl.replicate(NC, source_dsa_invocation_id, destination_dsa_guid, rodc=rodc)
except Exception, e: except Exception, e:
raise CommandError("Error replicating DN %s" % NC, e) raise CommandError("Error replicating DN %s" % NC, e)
self.samdb.transaction_commit() self.samdb.transaction_commit()