Gaetan SLONGO
2017-Aug-28 09:31 UTC
[Samba] RODC User's password replication, not implemented ?
Hi, I'm trying to add a Samba RODC in our environment (Samba 4.6.7) RODC is in the domain and viewable in the MMC, but all users are in " denied rodc password replication group". However these users are not in that group, and also not in a group member of that group (it seems) root at dc ~]# wbinfo -g test|grep -i denied DOMAIN\denied rodc password replication group I assume this is why I cannot make LDAP bind to my RODC However, kinit seem to work Thank you in advance
Andrew Bartlett
2017-Aug-28 09:58 UTC
[Samba] RODC User's password replication, not implemented ?
On Mon, 2017-08-28 at 11:31 +0200, Gaetan SLONGO via samba wrote:> Hi, > > > > I'm trying to add a Samba RODC in our environment (Samba 4.6.7)Please don't use Samba 4.6 as or with an RODC. Samba 4.7 will be the first release where this works, and in secure. Thankfully it will be out next week, so not long to wait :-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Gaetan SLONGO
2017-Aug-28 11:38 UTC
[Samba] RODC User's password replication, not implemented ?
Ok Andrew, thank you :-) I will wait for it for a proper setup ... But obviously here the problem is group membership do not seem to be correct. What's your mind about it ? Maybe there is an issue which is not related to RODC ----- Mail original ----- De: "Andrew Bartlett" <abartlet at samba.org> À: "Gaetan SLONGO" <gslongo at it-optics.com>, "samba" <samba at lists.samba.org> Envoyé: Lundi 28 Août 2017 11:58:32 Objet : Re: [Samba] RODC User's password replication, not implemented ? On Mon, 2017-08-28 at 11:31 +0200, Gaetan SLONGO via samba wrote:> Hi, > > > > I'm trying to add a Samba RODC in our environment (Samba 4.6.7)Please don't use Samba 4.6 as or with an RODC. Samba 4.7 will be the first release where this works, and in secure. Thankfully it will be out next week, so not long to wait :-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba