similar to: Samba4 as a RODC

Hi list, I'm trying to add a RODC in an AD environment using the command: /usr/local/samba4# bin/samba-tool domain join ad.xxxxx.com.br RODC -UAdministrator --realm=ad.xxxxx.com.br -W XXXXX But I'm getting this error: ... checking sAMAccountName Adding CN=TOWER,OU=Domain Controllers,DC=ad,DC=xxxxx,DC=com,DC=br Adding CN=krbtgt_TOWER,CN=Users,DC=ad,DC=xxxxx,DC=com,DC=br Got

I looked all over the place, and cannot find current answer. I want to store passwords/password hashes on my RODC, so that when my DC (Windows) fails, my users can still connect using RODC. The current state that is described (by 3 years old docs) says its WIP, so I'm not sure what to expect? Also, in documentation there is no option, to allow for preloading whole group of users, is that

Hi, I'm trying to add a Samba RODC in our environment (Samba 4.6.7) RODC is in the domain and viewable in the MMC, but all users are in " denied rodc password replication group". However these users are not in that group, and also not in a group member of that group (it seems) root at dc ~]# wbinfo -g test|grep -i denied DOMAIN\denied rodc password replication group I

Hi Garming, > > If you don't make much progress on your own, one thing you could do is > turn up the logging level and send in some logs and network traces > (and the steps you took). This is usually the easiest way to diagnose > any obvious issues and gives a much better sense of what is actually > happening. sorry to come back to you so late... It seems inded to be some

Hi Garming, > As far I know, all this should work as you would expect. Quite recently, > Andrew Bartlett and I went about testing some of the behaviour of the > KDC and confirming behaviour such as RODC ticket forwarding. thanks for the input. It gives me hope to dig deeper! I have some more time to spend on this issue today, I gonna try some more scenario. > The one thing to check

Hello, I just start testing the setup of an RODC with 4.8.3 (I use the packages from Louis). The join works fine. After a reboot of the rodc I can see all Objcts with: ldbsearch --url=/var/lib/samba/private/sam.ldb and all users and groups with: wbinfo -u wbinfo -g But as soon as I try to test the replication I got this message: ----------- root at rodc-01:/var/lib/samba/private# samba-tool drs

Hi . I upgraded my samba4 servers from 4.1.17 to 4.2.1 . After upgrading , the samba4 servers becomed very slow and these error logs occured : [2015/04/27 08:09:08.279400, 1] ../source4/rpc_server/backupkey/dcesrv_backupke y.c:1423(bkrp_do_retrieve_server_wrap_key) Unable to fetch value for secret BCKUPKEY_34847c15-efd9-4430-ba82-bf7d3160e9e1 , are we an undetected RODC? [2015/04/27

Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to

Hello Stefan, you need to use "-U" with user from Domain Admin group(maybe it works with other users too, but I didn't test it). Andrej Am 07.08.2018 um 17:00 schrieb Stefan Kania via samba: > When I start the replication from the other DC it works as you can see: > ------- > root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net > Replicate

On Wed, 2017-11-29 at 07:26 +1300, Andrew Bartlett via samba wrote: > On Tue, 2017-11-28 at 15:03 +0000, Andrej Gessel via samba wrote: > > Hello list, > > > > I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) > > If I need to rerun samba-tool, can user login

HI Samba Team, Can you please help me understanding the if i can join a samba3.x or 4.x as a member to Microsoft RODC server. This is a Windows 2008 RODC server. I have many issues while connecting samba to a RODC, looks like a common issue people are facing. I am able to connect 400 RHEL server using samba to Writable server but while connecting to RODC we have issues. Please let me know if you

On Thu, 2017-11-30 at 15:46 +0000, Andrej Gessel via samba wrote: > Hello Andrew, > > thank you for the answer. > > 1) User credentials need to be preloaded with samba-tool to be > automatically replicated later if they change, its correct? No, preloading just makes the first login faster. > 2) And if user try to login on RODC without preloaded credentials, this >

Hi We are running the latest 4.6.7 Sernet samba packages on a Ubuntu 12.02 LTS servers with one PDC and 05 RODC's located at the branches. The sysvol replication is working fine from the PDC to the RODC's but the RODC's are failing to login the local clients when the link between the branch and the Main campus is offline. The branch computers and users are added into the Allowed

Hi, I'm trying to join a samba4 (4.0.5) server as a domain member in an AD (2k8 server) environment. I used this command to compile samba4 ( https://wiki.samba.org/index.php/Samba4/Domain_Member) : ./configure --with-ads --with-shared-modules=idmap_ad But I get this error : Active Directory support not available : LDAP support ist not available. /root/samba-4.0.5/source3/wscript:733: error:

Hello list, I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) If I need to rerun samba-tool, can user login with his old password till its expire? (I suppose yes?) Thank you. ----------------------------------------------------------------------------------------------------------

Am 22.01.2018 um 21:39 schrieb Andrew Bartlett: > On Mon, 2018-01-22 at 21:30 +0100, Johannes Engel via samba wrote: >> [2018/01/22 21:15:50.022197, 2] >> ../source4/auth/ntlm/auth.c:475(auth_check_password_recv) >> auth_check_password_recv: sam_failtrusts authentication for user >> [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET, >>

Hello, I try to test joining new RODC (samba-tool domain join unn.global RODC -U Administrator -d5) and it's fail with message: Could not find machine account in secrets database: Failed to fetch machine account password for UNN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=UNN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No

Dear all, setting up a DMZ environment I was thinking to use an RODC there for user authentication. One of the application in the DMZ needs to access the directory via LDAP. When I tried to connect to the RODC using LDAP with simple bind, I always received the following error ldap_bind: Invalid credentials (49)         additional info: 80090308: LdapErr: DSID-0C0903A9, comment:

Hi Andrew, I am deeply impressed by your speed! :D The RODC is actually Samba 4.7.4, the other DCs are still on 4.6.12. Any suggestion how I can debug this w/o setting everything on level 10? ;) Best regards Johannes Am 22.01.2018 um 20:45 schrieb Andrew Bartlett: > On Mon, 2018-01-22 at 20:36 +0100, Johannes Engel via samba wrote: >> Dear all, >> >> setting up a DMZ

I was hoping this would be simpler. I'd like to prepopulate an RODC with all users accounts that are permitted. But I can only pre-populate one at a time: samba-tool rodc preload (<SID>|<DN>|<accountname>) sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password Replication Group - Shire' Allowed RODC Password Replication Group - Global WIN7-SHIRE$ bilbo