samba - Jun 2010 - Can SAMBA work with 2008 R2 Read Only Domain controller

Hello,
?
We are planing to utilize Microsoft 2008 R2 Read Only Domain controller, and
deploy RODC's in branches.
?
If I would like to have SAMBA servers in those branches, will I be able to add
them to the domain (using "net ads join") and work with them, when
using the RODC's as domain controllers configured in my smb.conf &
krb5.conf?
?
I have looked around and did not find any documentation for SAMBA supporting /
not supporting this.
?
I have done some testing and failed (I got "Failed to join domain: failed
to connect to AD: Decrypt integrity check failed Ok"?from the "net ads
join" command), before investing more time in troubleshooting I hoped that
someone could assist and tell me if such a configuration is possible.
?
If this is not possible, it would be great to know why.
?
Best Regards,
Hagai

Hi,

Have you read http://wiki.samba.org/index.php/Samba4_joining_a_domain ?
# Samba4 joining a domain as a RODC

HTH

Regards,

Serge Fonville

On Sun, Jun 6, 2010 at 5:12 PM, hagai yaffe <hagaiy at yahoo.com>
wrote:
> Hello,
>
> We are planing to utilize Microsoft 2008 R2 Read Only Domain controller,
and deploy RODC's in branches.
>
> If I would like to have SAMBA servers in those branches, will I be able to
add them to the domain (using "net ads join") and work with them, when
using the RODC's as domain controllers configured in my smb.conf &
krb5.conf?
>
> I have looked around and did not find any documentation for SAMBA
supporting / not supporting this.
>
> I have done some testing and failed (I got "Failed to join domain:
failed to connect to AD: Decrypt integrity check failed Ok"?from the
"net ads join" command), before investing more time in troubleshooting
I hoped that someone could assist and tell me if such a configuration is
possible.
>
> If this is not possible, it would be great to know why.
>
> Best Regards,
> Hagai
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: ?https://lists.samba.org/mailman/options/samba
>


-- 
http://www.sergefonville.nl

Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en

Hello,
?
I am sorry, I was not clear enough.
I am not planing to add the SAMBA server to the domain as a Domain Controller, I
would like to add it to the domain as a domain member.
?
How ever, when I try to join the domain when pointing my SAMBA machine to a
Microsoft Read Only domain Controller I fail with the error I have mentioned
(when pointing to a normal Domain Controller this work, how ever in the planned
implementation I might have access only to Microsoft RODC's for joining the
domain). ?
?
Should this work?
Best Regards,
Hagai

--- On Sun, 6/6/10, hagai yaffe <hagaiy at yahoo.com> wrote:


From: hagai yaffe <hagaiy at yahoo.com>
Subject: Can SAMBA work with 2008 R2 Read Only Domain controller
To: samba at lists.samba.org
Date: Sunday, June 6, 2010, 6:12 PM







Hello,
?
We are planing to utilize Microsoft 2008 R2 Read Only Domain controller, and
deploy RODC's in branches.
?
If I would like to have SAMBA servers in those branches, will I be able to add
them to the domain (using "net ads join") and work with them, when
using the RODC's as domain controllers configured in my smb.conf &
krb5.conf?
?
I have looked around and did not find any documentation for SAMBA supporting /
not supporting this.
?
I have done some testing and failed (I got "Failed to join domain: failed
to connect to AD: Decrypt integrity check failed Ok"?from the "net ads
join" command), before investing more time in troubleshooting I hoped that
someone could assist and tell me if such a configuration is possible.
?
If this is not possible, it would be great to know why.
?
Best Regards,
Hagai