similar to: RODC between samba v4 servers

 Hi,  I am working on a deployment of Samba as a domain controller, with one central domain controller and several read-only DC.  The deployment works, and computers seems to interact with the RODCs as they should, but sometimes computers leave the domain after a password change.  This seems to happen only on RODC where the passwords have been replicated - on one occasion the RODC was

Hi, I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One question about password replication: Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) states that samba RODC acts as a proxy server to a writable DC if users are not member of the Allowed RODC Password Replication Group, which is the behavior we knew (and what we want) from the MS RODCs. Our test

On Wed, 24 Oct 2018 09:45:39 +1300 Garming Sam <garming at catalyst.net.nz> wrote: > > On 23/10/18 9:48 PM, Rowland Penny via samba wrote: > > On Tue, 23 Oct 2018 10:07:29 +1300 > > Garming Sam via samba <samba at lists.samba.org> wrote: > > > >> Hi, > >> > >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > >>>  The

Hi Rowland, Thanks for you answer, specially on a sunday! :-) On Sun, May 5, 2019 at 11:31 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 10:13:07 -0300 > Emerson Kfuri <emersonkfuri at gmail.com> wrote: > > > On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < > > samba at lists.samba.org> wrote: > > >

On Tue, 23 Oct 2018 10:07:29 +1300 Garming Sam via samba <samba at lists.samba.org> wrote: > Hi, > > On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > > > >  The deployment works, and computers seems to interact with the > > RODCs as they should, but sometimes computers leave the domain > > after a password change. > > > >  This seems to

On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 09:20:37 -0300 > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > Recently I started using RODC servers on my environment and noticed a > > few issues with it: > > - lack of LDAP SPNs > > -

Hello list, I run 2 Samba 4.7.1 RODCs. One in my Default-First-Site-Name and in additional Site where only Samba RODC exists. When I start samba_kcc on first RODC it run’s without errors. If I start samba_kcc on RODC in additional Site it fails with: /usr/local/samba/sbin/samba_kcc: Traceback (most recent call last): /usr/local/samba/sbin/samba_kcc: File

On Mon, 6 May 2019 08:42:03 +0200 Adam Minski <aminski316 at gmail.com> wrote: > > Good Morning. > > I've tested RODC functionality using samba-4.9.4 and > samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds using > the internal Heimdal KDC and the internal DNS backend. > > For me there's no lack of LDAP SPNs and samba_dnsupdate works as >

Hello Rowland, of course it will be started by samba, I saw this output if I run "samba -i". But I can trigger this output also by starting samba_kcc manually. Andrej -----Ursprüngliche Nachricht----- Von: Rowland Penny [mailto:rpenny at samba.org] Gesendet: Donnerstag, 9. November 2017 14:04 An: samba at lists.samba.org Cc: Andrej Gessel <Andrej.Gessel at janztec.com>

I'm trying to install IMA (http://linux-ima.sourceforge.net/) on CentOS 5.5, but the shipped kernel does not support it. One solution is to install a 2.6.30 kernel, but I don't really like this idea. Does anybody has tried to install it? Regards, Andreas

Hello, Recently I started using RODC servers on my environment and noticed a few issues with it: - lack of LDAP SPNs - "samba_dnsupdate" not working with "insufficient access rights" (it works from RWDCs) - "samba-tool dbcheck" changes instancetype of basically all objects from 4 to 0. New replicated objects continues being created with instancetype 4 and dbcheck

Il 03/12/24 10:13, Rowland Penny via samba ha scritto: > On Tue, 3 Dec 2024 09:15:36 +0100 > Mitja Tav?ar via samba <samba at lists.samba.org> wrote: > >> Hi, i have some problems with a recently joined Read Only Domain >> controller. >> >> I had 2 Domain Controllers based on Windows Server 2019 (hosts >> vmw2srvdc1 an vmw2srvdc2). I and i recently

On Tue, 3 Dec 2024 09:15:36 +0100 Mitja Tav?ar via samba <samba at lists.samba.org> wrote: > Hi, i have some problems with a recently joined Read Only Domain > controller. > > I had 2 Domain Controllers based on Windows Server 2019 (hosts > vmw2srvdc1 an vmw2srvdc2). I and i recently added a new site (PSN) > and Read Only DC in this second site based on samba (host

On Tue, 3 Dec 2024 11:25:35 +0100 Mitja Tav?ar via samba <samba at lists.samba.org> wrote: > Il 03/12/24 10:13, Rowland Penny via samba ha scritto: > > On Tue, 3 Dec 2024 09:15:36 +0100 > > Mitja Tav?ar via samba <samba at lists.samba.org> wrote: > > > >> Hi, i have some problems with a recently joined Read Only Domain > >> controller. >

> Jakob Curdes via samba<samba at lists.samba.org> wrote: > >> Hello, we have setup a SAMBA4 RODC in our setup where we have two >> exisitng RW Samba4 DC's. >> >> The RODC is joined correctly and can preload user accounts etc. It >> also can resolve its own name and the name of other DC's, also the >> SRV records needed. >> We created

On Wed, 24 Jan 2024 15:54:38 +0100 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello, we have setup a SAMBA4 RODC in our setup where we have two > exisitng RW Samba4 DC's. > > The RODC is joined correctly and can preload user accounts etc. It > also can resolve its own name and the name of other DC's, also the > SRV records needed. > We created

Am 22.11.18 um 17:51 schrieb Rowland Penny via samba: > On Thu, 22 Nov 2018 17:29:16 +0100 > Stefan Kania via samba <samba at lists.samba.org> wrote: > >> Hello everybody, >> >> if I set up a RODC in a different site with an own subnet do I have to >> replicate the machine-passwords with "samba-tool rodc reload host\$ >> --server=addc"? Or

When I run "gpresult /R" on one of my domain users the ". . . following security groups" listed at the bottom of the output includes "Denied RODC Password Replication Group". Did a little web search digging and found that RODC stands for Read Only Domain Controller. My domain consists of two DC's and one member server with three W10 workstations. I have never

Hello, We've been using samba v4 for a while, but recently we faced two problems for which we cannot determine the source - nor the solution: - every day samba4 stops authenticating new users and sharing folders. While previous logged users can access resources and services, users that weren't logged can't log in. It happens either from kerberos or directly from LDAP. - We are

Hello, we have setup a SAMBA4 RODC in our setup where we have two exisitng RW Samba4 DC's. The RODC is joined correctly and can preload user accounts etc. It also can resolve its own name and the name of other DC's, also the SRV records needed. We created an own site with specific subnet for this RODC "area". But we did not manage to get a join of a Windows server working