Cleaning up my configuration after migrating to 4.10rc4 I saw that dynamic updates quit with NOTAUTH Of course I checked the configuration more than twice and began tracing bind. Luckily I have access to a "old" 4.7 installation where I saw a difference: samba_dlz: configured writeable zone xy is not printed on 4.10 Some digging later I think the reason is the following: For every zone in AD before adding to the "writable" list several things are checked. The thing that fails is b9_has_soa. Even though I have a SOA record, the final call that fetches this SOA does it with this filter (in dns_common_lookup): (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE))) probably this should be (&(|(objectClass=dnsNode)(objectClass=dnsZone))(!(dNSTombstoned=TRUE))) The compilation takes some time since I am on armhf architecture, but as soon as I can I will confirm if the fix above works and add a diff
Created attachment 14942 [details] add_dc_at_to_basedn The problem actually wasnt the objectClass query but a regression introduced with 28e2a518ff32 This patch readds DC=@ to the dn before dns_common_lookup is called as it was before
Created attachment 14950 [details] patch for 4.10.0 This patch file is rebased on 4.10.0
The patch looks correct to me. I'll see if I can get a test written for it.
Created attachment 14967 [details] Test patch (which fails on 4.10)
(In reply to Michael Saxl from comment #2) Can you add your Signed-off-by: tag onto the commit, and made sure you've sent in your Samba Developer Certificate of Origin (DCO)?
Created attachment 14969 [details] selftest for this regression signed off by Garming Sam and myself
Created attachment 14972 [details] s4_dlz_make_b9_has_soa_check_dc_at_node.patch signed-off included
(In reply to Michael Saxl from comment #6) Please ignore this attachment. I must admit that i did not read or knew https://wiki.samba.org/index.php/CodeReview and was not aware what you wanted me to do. I'm sorry about that.
(In reply to Michael Saxl from comment #8) No worries. Some of our processes aren't very obvious for outsiders. I've just amended your patch to instruct the test system that we're now passing the test I wrote. I will try to get this reviewed and upstream, so that we can get it into 4.10 as soon as possible. Thanks.
Created attachment 14973 [details] patch for master
Fixed in master with 6c62e05466917d9454d67eb2dd77e303e612c8a9 for Samba 4.11. Cherry-pick for 4.10 shortly.
Created attachment 14992 [details] patch for 4.10 cherry-picked from master
(In reply to Andrew Bartlett from comment #12) Pushed to autobuild-v4-10-test.
(In reply to Karolin Seeger from comment #13) Pushed again to autobuild-v4-10-test.
(In reply to Karolin Seeger from comment #14) Pushed to v4-10-test. Closing out bug report. Thanks!