search for: rodc

Ok, but why if i browse the network from the client with the remote rodc and the rwdc used as replication partner for rodc join online, everything work as expected, but if i shutdown the rwdc used for rodc join replication partner offline, client no work anymore? The join command for the remote rodc RODC-1 is: samba-tool domain join scratch.lan RODC --server=dc-1.scr...

 Hi,  I am working on a deployment of Samba as a domain controller, with one central domain controller and several read-only DC.  The deployment works, and computers seems to interact with the RODCs as they should, but sometimes computers leave the domain after a password change.  This seems to happen only on RODC where the passwords have been replicated - on one occasion the RODC was not set to store password hashes, and computers connected to this RODC don't seem to have issues....

On Tue, 31 Dec 2024 09:42:05 +0000 Manzini Enrico via samba <samba at lists.samba.org> wrote: > Ok, but why if i browse the network from the client with the remote > rodc and the rwdc used as replication partner for rodc join online, > everything work as expected, but if i shutdown the rwdc used for rodc > join replication partner offline, client no work anymore? > Possibly because the RODC is hard wired to use its replication partner for passwords ? Is...

On Tue, 24 Dec 2024 11:38:17 +0000 Manzini Enrico via samba <samba at lists.samba.org> wrote: > Hello, > we are testing a dc/rodc configuration with Samba AD, but we are > stuck with a problem that occurs when one of the writable DCs (the > one that was used as a partner during rodc join) is shutdown: Test > configuration: > - writeable dc and read only dc Samba 4.21 installed on > Debian 12, with two...

On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 09:20:37 -0300 > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > Recently I started using RODC servers on my environment and noticed a > > few issues with it: > > - lack of LDAP SPNs > > - "samba_dnsupdate" not working with "insufficient access rights" (it > > works from RWDCs) > > Probably because you cannot write to an RODC > Yes! That&...

On Tue, 23 Oct 2018 10:07:29 +1300 Garming Sam via samba <samba at lists.samba.org> wrote: > Hi, > > On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > > > >  The deployment works, and computers seems to interact with the > > RODCs as they should, but sometimes computers leave the domain > > after a password change. > > > >  This seems to happen only on RODC where the passwords have been > > replicated - on one occasion the RODC was not set to store password > > hashes, and computers connected t...

> Jakob Curdes via samba<samba at lists.samba.org> wrote: > >> Hello, we have setup a SAMBA4 RODC in our setup where we have two >> exisitng RW Samba4 DC's. >> >> The RODC is joined correctly and can preload user accounts etc. It >> also can resolve its own name and the name of other DC's, also the >> SRV records needed. >> We created an own site with...

Hello everybody, if I set up a RODC in a different site with an own subnet do I have to replicate the machine-passwords with "samba-tool rodc reload host\$ --server=addc"? Or can a machine always authenticate against a RODC? Greetings Stefan -------------- next part -------------- A non-text attachment was scrubbed......

...user from Domain Admin group(maybe it works with other users too, but I didn't test it). Andrej Am 07.08.2018 um 17:00 schrieb Stefan Kania via samba: > When I start the replication from the other DC it works as you can see: > ------- > root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net > Replicate from addc-01 to rodc-01 was successful. > ------- > > Am 07.08.2018 um 15:26 schrieb Stefan Kania via samba: >> Hello, >> >> I just start testing the setup of an RODC with 4.8.3 (I use the packages >> from Louis). The join...

Hello, we are testing a dc/rodc configuration with Samba AD, but we are stuck with a problem that occurs when one of the writable DCs (the one that was used as a partner during rodc join) is shutdown: Test configuration: - writeable dc and read only dc Samba 4.21 installed on Debian 12, with two sites configured -...

Hi Garming, > As far I know, all this should work as you would expect. Quite recently, > Andrew Bartlett and I went about testing some of the behaviour of the > KDC and confirming behaviour such as RODC ticket forwarding. thanks for the input. It gives me hope to dig deeper! I have some more time to spend on this issue today, I gonna try some more scenario. > The one thing to check would be whether or not Samba is being linked > against system Heimdal. As it stands, there is no real testi...

...t 2018 10:07:29 +1300 > > Garming Sam via samba <samba at lists.samba.org> wrote: > > > >> Hi, > >> > >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > >>>  The deployment works, and computers seems to interact with the > >>> RODCs as they should, but sometimes computers leave the domain > >>> after a password change. > >>> > >>>  This seems to happen only on RODC where the passwords have been > >>> replicated - on one occasion the RODC was not set to store > >>> pa...

On Wed, 24 Jan 2024 15:54:38 +0100 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello, we have setup a SAMBA4 RODC in our setup where we have two > exisitng RW Samba4 DC's. > > The RODC is joined correctly and can preload user accounts etc. It > also can resolve its own name and the name of other DC's, also the > SRV records needed. > We created an own site with specific subnet for t...

Hello, I just start testing the setup of an RODC with 4.8.3 (I use the packages from Louis). The join works fine. After a reboot of the rodc I can see all Objcts with: ldbsearch --url=/var/lib/samba/private/sam.ldb and all users and groups with: wbinfo -u wbinfo -g But as soon as I try to test the replication I got this message: ----------- roo...

...mba < > > samba at lists.samba.org> wrote: > > > > > On Sun, 5 May 2019 09:20:37 -0300 > > > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > > > > > Hello, > > > > > > > > Recently I started using RODC servers on my environment and > > > > noticed a few issues with it: > > > > - lack of LDAP SPNs > > > > - "samba_dnsupdate" not working with "insufficient access > > > > rights" (it works from RWDCs) > > > > > > P...

Am 22.11.18 um 17:51 schrieb Rowland Penny via samba: > On Thu, 22 Nov 2018 17:29:16 +0100 > Stefan Kania via samba <samba at lists.samba.org> wrote: > >> Hello everybody, >> >> if I set up a RODC in a different site with an own subnet do I have to >> replicate the machine-passwords with "samba-tool rodc reload host\$ >> --server=addc"? Or can a machine always authenticate against a RODC? >> > > It is my understanding that an RODC never really does authenti...

Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to cent...

On Mon, 30 Dec 2024 16:07:31 +0000 Manzini Enrico via samba <samba at lists.samba.org> wrote: > Hi Rowland > We actually use RODC's because we have a customer with hub and spoke > configuration with 4 RWDC's in the central site, and about 80 remote > sites with RODC's deployed, all of these with low hardware security, > sites where the machine can physically can be stolen, Well, as I said, from my point...

Hi Rowland We actually use RODC's because we have a customer with hub and spoke configuration with 4 RWDC's in the central site, and about 80 remote sites with RODC's deployed, all of these with low hardware security, sites where the machine can physically can be stolen, so we opted to use RODC's machines at the r...

Hi, I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One question about password replication: Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) states that samba RODC acts as a proxy server to a writable DC if users are not member of the Allowed RODC Password Replication Group, which is the behavior we k...