Thomas Schulz
2014-Mar-20 16:10 UTC
[Samba] Do _kpasswd DNS entries determine server used for password changes

I am trying to do something apparently unsupported in trying to use Samba 4.1.6 as an additional Active Directory Domain Controller with a Windows Server 2000 controller. I find that inbound replication works but outbound replication does not. Also DNS replication is not supported (this was noted during provisioning). In an effort to get outbound replication working, I manually entered all of the DNS records into the Windows 2000 server. This did not fix the outbound replication.

My worry now is that someone may change their password and that the change will go to the Samba 4.1.6 DC. If that happens, the change will not be replicated back to the Windows 2000 DC. If the _kpasswd DNS entries determine which servers can be used for password changes then I think that I could fix this problem by just removing the _kpasswd DNS entries. Does anyone know if that will be enough?

Tom Schulz
Applied Dynamics Intl.
schulz at adi.com

Andrew Bartlett
2014-Mar-24 05:12 UTC
[Samba] Do _kpasswd DNS entries determine server used for password changes

On Thu, 2014-03-20 at 12:10 -0400, Thomas Schulz wrote:
> I am trying to do something apparently unsupported in trying to use
> Samba 4.1.6 as an additional Active Directory Domain Controller with
> a Windows Server 2000 controller. I find that inbound replication works
> but outbound replication does not. Also DNS replication is not supported
> (this was noted during provisioning). In an effort to get outbound
> replication working, I manually entered all of the DNS records into
> the Windows 2000 server. This did not fix the outbound replication.
>
> My worry now is that someone may change their password and that the
> change will go to the Samba 4.1.6 DC. If that happens, the change will
> not be replicated back to the Windows 2000 DC. If the _kpasswd DNS entries
> determine which servers can be used for password changes then I think that
> I could fix this problem by just removing the _kpasswd DNS entries. Does
> anyone know if that will be enough?

No, that is only used by very few clients.

You should work out why replication isn't working, but understand that Windows 2000 isn't something we test with at all (it is even hard to get - it isn't on MSDN for example).

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba