OK! I'm getting farther and farther! :)
I've managed to preload user and computer passwords onto a samba RODC:
*sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload
'win7-shire$' --server main.adlab.netdirect.ca**
*Replicating DN
CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca]
objects[1] linked_values[2]
*sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload
'win7-shire-2$' --server main.adlab.netdirect.ca**
*Replicating DN
CN=WIN7-SHIRE-2,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop
on[CN=WIN7-SHIRE-2,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca]
objects[1] linked_values[1]
*sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'bilbo'
--server main.adlab.netdirect.ca**
*Replicating DN CN=Bilbo
Baggins,OU=Shire,OU=Offices,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop on[CN=Bilbo
Baggins,OU=Shire,OU=Offices,DC=main,DC=adlab,DC=netdirect,DC=ca]
objects[1] linked_values[2]
But when I try to log onto the domain from a client on that network, I
get an error "An internal error has occurred". Note that if I type an
*incorrect* password for the user, I get "The user name or password is
incorrect." I suspect the corresponding error in the Windows event log
is related to:
The Security System detected an authentication error for the server
cifs/sles-shire.main.adlab.netdirect.ca. The failure code from
authentication protocol Kerberos was "An internal error occurred.
(0xc00000e5)".
Note that this happens for users with credentials preloaded to the RODC
*even if the site link is up*.
Any idea what's going wrong?
M.
--
Michael Brown | `One of the main causes of the fall of
Systems Consultant | the Roman Empire was that, lacking zero,
Net Direct Inc. | they had no way to indicate successful
?: +1 519 883 1172 x5106 | termination of their C programs.' - Firth
