On Sat, 2021-10-23 at 08:43 -0500, Patrick Goetz via samba wrote:> > On 10/22/21 16:13, Rowland Penny via samba wrote: > > On Fri, 2021-10-22 at 15:50 -0500, Patrick Goetz via samba wrote: > > > These comments are with reference to > > > > > > https://wiki.samba.org/index.php/Group_Policy > > > > > > This boxed comment: > > > --------------------------------------------------------- > > > If you run the command without specifying which DC to use with '- > > > H', > > > the > > > ADMX templates may be installed on another DC. > > > --------------------------------------------------------- > > > > > > which refers to `samba-tool gpo admxload -UAdministrator` > > > > > > seems muddled. Wouldn't the samba-tool you're running be > > > associated > > > with > > > a specific DC; i.e. the host which samba-tool is installed on, in > > > which > > > case omission of the -H flag should always default to the local > > > DC? > > > How > > > would it randomly write things to a remote URL? > > > > Believe me it does, I ran the command three times on a DC before I > > realised why the admx files were not in the DC's sysvol. The > > command > > ran and finished without any errors, but I couldn't find the admx > > files > > on the DC I ran the command on. I finally found them on my other > > DC, I > > had to specify the DC with -H to ensure they were placed on the DC > > I > > ran the command on. > > > > OK, but the documentation is a but unclear, simply stating I need to > use > the "URL" of the target server. Is this the FQDN, or can I just use > the > hostname?Both will probably work. I used the FQDN.> The relevant question is how is this URL being resolved?Sorry, but I didn't write the code and I haven't read it in depth, so I do not know how the URL is resolved, except that it is usually done on a round-robin basis.> > And never mind how horrible this design is. The exclusion of -H > should > always indicate a local installation. Good grief.Did I mention that I didn't write this ;-) Rowland
On 10/23/21 7:57 AM, Rowland Penny via samba wrote:>>> The relevant question is how is this URL being resolved? > > Sorry, but I didn't write the code and I haven't read it in depth, so I > do not know how the URL is resolved, except that it is usually done on > a round-robin basis. > >> >> And never mind how horrible this design is. The exclusion of -H >> should >> always indicate a local installation. Good grief. >Technically I *did* write this, but in my defense, it was mostly copy/paste from another command ;) Here is the relevant code: if H and H.startswith('ldap://'): dc_hostname = H[7:] self.url = H else: dc_hostname = netcmd_finddc(self.lp, self.creds) self.url = dc_url(self.lp, self.creds, dc=dc_hostname) Which says, if -H is specified (and it is an ldap url), then use it. Otherwise, pick a DC (in round robin fashion, as Rowland pointed out) in the domain your are joined to. Technically this should work regardless, as the SYSVOL will replicate the admx templates. It would probably make more sense to check if we're on a DC, then point to ourselves if we are. Sorry about being unclear about msiextract. It is indeed a command you would install on Linux. -- *David Mulder* Labs Software Engineer, Samba SUSE 1800 Novell Place Provo, UT 84606 (P)+1 801.861.6571 dmulder at suse.com <http://www.suse.com/>