From ca2e038aa5221d80a2a84aa1d65c3c246502ddc5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 9 Dec 2015 17:04:14 +1300 Subject: [PATCH] samba-tool domain join: Set drsuapi.DRSUAPI_DRS_GET_ANC during initial repl This is needed so that we get parents before children. We need this to ensure that we always know the correct parent for a new child object, rather than just trusting the DN string Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam --- python/samba/join.py | 5 ++++- source4/libnet/libnet_become_dc.c | 11 +++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/python/samba/join.py b/python/samba/join.py index ebfd63ed265..103e4d93a8b 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -833,7 +833,7 @@ class dc_join(object): repl.replicate(ctx.base_dn, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, replica_flags=ctx.domain_replica_flags) - ctx.domain_replica_flags ^= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY | drsuapi.DRSUAPI_DRS_GET_ANC + ctx.domain_replica_flags ^= drsuapi.DRSUAPI_DRS_CRITICAL_ONLY else: ctx.domain_replica_flags |= drsuapi.DRSUAPI_DRS_GET_ANC repl.replicate(ctx.base_dn, source_dsa_invocation_id, @@ -1189,6 +1189,7 @@ def join_DC(logger=None, server=None, creds=None, lp=None, site=None, netbios_na ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP | drsuapi.DRSUAPI_DRS_INIT_SYNC | drsuapi.DRSUAPI_DRS_PER_SYNC | + drsuapi.DRSUAPI_DRS_GET_ANC | drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS | drsuapi.DRSUAPI_DRS_NEVER_SYNCED) ctx.domain_replica_flags = ctx.replica_flags @@ -1213,6 +1214,7 @@ def join_clone(logger=None, server=None, creds=None, lp=None, ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP | drsuapi.DRSUAPI_DRS_INIT_SYNC | drsuapi.DRSUAPI_DRS_PER_SYNC | + drsuapi.DRSUAPI_DRS_GET_ANC | drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS | drsuapi.DRSUAPI_DRS_NEVER_SYNCED) if not include_secrets: @@ -1268,6 +1270,7 @@ def join_subdomain(logger=None, server=None, creds=None, lp=None, site=None, ctx.replica_flags = (drsuapi.DRSUAPI_DRS_WRIT_REP | drsuapi.DRSUAPI_DRS_INIT_SYNC | drsuapi.DRSUAPI_DRS_PER_SYNC | + drsuapi.DRSUAPI_DRS_GET_ANC | drsuapi.DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS | drsuapi.DRSUAPI_DRS_NEVER_SYNCED) ctx.domain_replica_flags = ctx.replica_flags diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index 36e70c5228f..9cfb9933dbf 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -2806,7 +2806,8 @@ static void becomeDC_drsuapi3_pull_schema_send(struct libnet_BecomeDC_state *s) | DRSUAPI_DRS_PER_SYNC | DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS | DRSUAPI_DRS_NEVER_SYNCED - | DRSUAPI_DRS_USE_COMPRESSION; + | DRSUAPI_DRS_USE_COMPRESSION + | DRSUAPI_DRS_GET_ANC; if (s->rodc_join) { s->schema_part.replica_flags &= ~DRSUAPI_DRS_WRIT_REP; } @@ -2866,7 +2867,8 @@ static void becomeDC_drsuapi3_pull_config_send(struct libnet_BecomeDC_state *s) | DRSUAPI_DRS_PER_SYNC | DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS | DRSUAPI_DRS_NEVER_SYNCED - | DRSUAPI_DRS_USE_COMPRESSION; + | DRSUAPI_DRS_USE_COMPRESSION + | DRSUAPI_DRS_GET_ANC; if (s->rodc_join) { s->schema_part.replica_flags &= ~DRSUAPI_DRS_WRIT_REP; } @@ -2924,9 +2926,10 @@ static void becomeDC_drsuapi3_pull_domain_send(struct libnet_BecomeDC_state *s) | DRSUAPI_DRS_PER_SYNC | DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS | DRSUAPI_DRS_NEVER_SYNCED - | DRSUAPI_DRS_USE_COMPRESSION; + | DRSUAPI_DRS_USE_COMPRESSION + | DRSUAPI_DRS_GET_ANC; if (s->critical_only) { - s->domain_part.replica_flags |= DRSUAPI_DRS_CRITICAL_ONLY | DRSUAPI_DRS_GET_ANC; + s->domain_part.replica_flags |= DRSUAPI_DRS_CRITICAL_ONLY; } if (s->rodc_join) { s->schema_part.replica_flags &= ~DRSUAPI_DRS_WRIT_REP;