Andrew Bartlett
2017-Nov-30 17:34 UTC
[Samba] Should Samba-tool RODC preload be run periodically?
On Thu, 2017-11-30 at 15:46 +0000, Andrej Gessel via samba wrote:> Hello Andrew, > > thank you for the answer. > > 1) User credentials need to be preloaded with samba-tool to be > automatically replicated later if they change, its correct?No, preloading just makes the first login faster.> 2) And if user try to login on RODC without preloaded credentials, this > credentials will not be cached? (as described in samba wiki)No, the criteria for being cached is if the user account is in the allowed rodc replication group and not in the denied one. Can you point me at the incorrect section of the wiki?> We using Samba 4.7.3 for RODC.Good. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Rowland Penny
2017-Nov-30 17:51 UTC
[Samba] Should Samba-tool RODC preload be run periodically?
On Fri, 01 Dec 2017 06:34:55 +1300 Andrew Bartlett via samba <samba at lists.samba.org> wrote:> On Thu, 2017-11-30 at 15:46 +0000, Andrej Gessel via samba wrote: > > Hello Andrew, > > > > thank you for the answer. > > > > 1) User credentials need to be preloaded with samba-tool to be > > automatically replicated later if they change, its correct? > > No, preloading just makes the first login faster. > > > 2) And if user try to login on RODC without preloaded credentials, > > this credentials will not be cached? (as described in samba wiki) > > No, the criteria for being cached is if the user account is in the > allowed rodc replication group and not in the denied one. > > Can you point me at the incorrect section of the wiki? >Hi Andrew, it is here: https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC Rowland
Andrew Bartlett
2017-Nov-30 18:05 UTC
[Samba] Should Samba-tool RODC preload be run periodically?
On Thu, 2017-11-30 at 17:51 +0000, Rowland Penny via samba wrote:> On Fri, 01 Dec 2017 06:34:55 +1300 > Andrew Bartlett via samba <samba at lists.samba.org> wrote: > > > > > Can you point me at the incorrect section of the wiki? > > > > Hi Andrew, it is here: > > https://wiki.samba.org/index.php/Join_a_domain_as_a_RODCThanks. I've clarified the text, in particular the confusing 'must' regarding the preload. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba