From c503ca302d4f9dd0fc9c01344a25a917f6c3fafe Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 31 Oct 2016 16:48:33 +1300 Subject: [PATCH] join.py: Attempt to allocate a RID Set during the join If we are joining the RID Manager, then we should get a RID Set, but otherwise we should accept failure with the right error code Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam --- python/samba/join.py | 20 ++++++++++++++++++++ selftest/knownfail | 4 ---- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/python/samba/join.py b/python/samba/join.py index a50a409abfc..c56f8d95c17 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -114,6 +114,7 @@ class dc_join(object): ctx.acct_dn = None ctx.myname = ctx.server.split('.')[0] ctx.ntds_guid = None + ctx.rid_manager_dn = None # Save this early ctx.remote_dc_ntds_guid = ctx.samdb.get_ntds_GUID() @@ -137,6 +138,12 @@ class dc_join(object): "HOST/%s" % ctx.dnshostname, "GC/%s/%s" % (ctx.dnshostname, ctx.dnsforest) ] + res_rid_manager = ctx.samdb.search(scope=ldb.SCOPE_BASE, + attrs=["rIDManagerReference"], + base=ctx.base_dn) + + ctx.rid_manager_dn = res_rid_manager[0]["rIDManagerReference"][0] + ctx.domaindns_zone = 'DC=DomainDnsZones,%s' % ctx.base_dn ctx.forestdns_zone = 'DC=ForestDnsZones,%s' % ctx.root_dn 
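Review bot: In the `@@ -137,6 +138,12 @@` hunk, `res_rid_manager[0]["rIDManagerReference"][0]` is indexed with no guard, so a domain head that does not return that attribute would end the join with a bare KeyError instead of a usable message. The value is read through `ctx.samdb`, which appears to be the connection to the DC being joined, so it is worth treating as possibly absent. Guarding the assignment with `if "rIDManagerReference" in res_rid_manager[0]:` would also give the `ctx.rid_manager_dn = None` default from the first hunk and the `!= None` test in the `@@ -913,6 +920,19 @@` hunk a purpose; as written the attribute is never None once this line has run. The enclosing method starts and ends outside the hunk.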
@@ -913,6 +920,19 @@ class dc_join(object): repl.replicate(ctx.new_krbtgt_dn, source_dsa_invocation_id, destination_dsa_guid, exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) + elif ctx.rid_manager_dn != None: + # Try and get a RID Set if we can. This is only possible against the RID Master. Warn otherwise. + try: + repl.replicate(ctx.rid_manager_dn, source_dsa_invocation_id, + destination_dsa_guid, + exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC) + except samba.DsExtendedError, (enum, estr): + if enum == drsuapi.DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER: + print "WARNING: Unable to replicate own RID Set, as server %s (the server we joined) is not the RID Master." % ctx.server + print "NOTE: This is normal and expected, Samba will be able to create users after it contacts the RID Master at first startup." + else: + raise + ctx.repl = repl ctx.source_dsa_invocation_id = source_dsa_invocation_id ctx.destination_dsa_guid = destination_dsa_guid diff --git a/selftest/knownfail b/selftest/knownfail index da378271381..38b5f51bb36 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -306,7 +306,3 @@ ^samba4.rpc.echo.*on.*with.object.echo.sinkdata.*nt4_dc ^samba4.rpc.echo.*on.*with.object.echo.addone.*nt4_dc ^samba4.rpc.echo.*on.*ncacn_ip_tcp.*with.object.*nt4_dc -^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_offline_ridalloc -^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_join_time_ridalloc -^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_rid_set_dbcheck_after_seize -^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_rid_set_dbcheck
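Review bot: The new `elif ctx.rid_manager_dn != None:` branch should use an identity test, `elif ctx.rid_manager_dn is not None:`, and the handler `except samba.DsExtendedError, (enum, estr):` relies on Python 2-only tuple unpacking while never using `estr`. `except samba.DsExtendedError as e:` followed by `(enum, estr) = e.args` keeps the same behaviour and also parses under Python 2.6+ and 3; the two `print` statements would need the same treatment. The `if` this `elif` belongs to begins outside the hunk, so which join types reach the RID allocation is inferred from the `rodc=True` call just above.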