Displaying 20 results from an estimated 3000 matches similar to: "Joining a samba member server using offline join or a RODC"
2015 Mar 16
0
Joining a samba member server using offline join or a RODC
Hi Uri,
> I would like to join a samba 4.2.0 file server sitting in a branch
> office, with connection only to a RODC (and only the RODC can talk to
> the RWDC). Was wondering what's the workflow for doing this in samba.
>
> For Windows machines, Microsoft seems to have planned two workflows for this:
>
> 1. Use new flag to NetJoinDomain() API to join using the RODC
>
2015 Apr 23
2
RODC User preload fails
Hi,
I installed a RODC on my mailserver to have a local authentication for
mailusers on the machine which doesn't rely on a always-on-connetion to
the office.
The problem is now that the user-preload doesn't work so that the RODC
is not able to authenticate the users itself:
samba-tool rodc preload <user> --server <DC1> -U Administrator
Password for [AD\Administrator]:
2015 Feb 10
2
rodc and KRB_TGS_REQ forwarding to RWDC to access hub ressources
Hi everyone,
I would like to have some input on ressources access from a workstation
logged on a RODC server that has to connect on hub site servers.
After login in the remote windows workstation, I have LOGONSERVER
environment variable set to the local RODC server (workstation and user
credentials have been preloaded). Everything works fine on local server.
However if I want to connect to
2015 Apr 09
2
Migration of 2 samba3 PDC+OpenLDAP in one new Samba4 AD
Hi Marc,
> Am 08.04.2015 um 17:25 schrieb BRIEC, Pierre:
>> On Site1, the machines accounts are specifics, same for the Users and
>> Groups except 1 group that is common with Site2 (The Teachers).
>> Today, each site is independant,
>>
>> Now, i would like a create a new domain Samba4 AD whith all machines and
>> users from site1 and site2 together.
>>
2018 Jan 11
4
Cannot remove offline domain
Hi
I am trying to remove a dead offline domain using the below command which
is failing
samba-tool domain demote --remove-other-dead-server=IUMONG-RODC
-UAdministrator
ERROR: Demote failed: DemoteException: IUMONG-RODC is not an AD DC in
iumnet.edu.na
A transaction is still active in ldb context [0x2bf15b0] on
tdb:///var/lib/samba/private/sam.ldb
IUMONG-RODC domain is still visible under domain
2018 Nov 22
2
machine account on RODC
Hello everybody,
if I set up a RODC in a different site with an own subnet do I have to
replicate the machine-passwords with "samba-tool rodc reload host\$
--server=addc"? Or can a machine always authenticate against a RODC?
Greetings
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195
2015 Apr 08
3
Migration of 2 samba3 PDC+OpenLDAP in one new Samba4 AD
Hello,
i have question about samba3 migration.
I have 2 distincts sites whith samba3 PDC+OpenLDAP running on each site.
On Site1, the machines accounts are specifics, same for the Users and
Groups except 1 group that is common with Site2 (The Teachers).
Today, each site is independant,
Now, i would like a create a new domain Samba4 AD whith all machines and
users from site1 and site2 together.
2019 May 05
2
Issues with RODC
On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Sun, 5 May 2019 09:20:37 -0300
> Emerson Kfuri via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > Recently I started using RODC servers on my environment and noticed a
> > few issues with it:
> > - lack of LDAP SPNs
> > -
2019 Mar 28
2
Is RODC password replication different from the windows version by design or is it a bug?
Hi,
I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One question
about password replication:
Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC)
states that samba RODC acts as a proxy server to a writable DC if users
are not member of the Allowed RODC Password Replication Group, which is
the behavior we knew (and what we want) from the MS RODCs. Our test
2018 Oct 23
1
Samba 4.7+ - RODC and password change support
On Wed, 24 Oct 2018 09:45:39 +1300
Garming Sam <garming at catalyst.net.nz> wrote:
>
> On 23/10/18 9:48 PM, Rowland Penny via samba wrote:
> > On Tue, 23 Oct 2018 10:07:29 +1300
> > Garming Sam via samba <samba at lists.samba.org> wrote:
> >
> >> Hi,
> >>
> >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote:
> >>> The
2018 Oct 23
3
Samba 4.7+ - RODC and password change support
On Tue, 23 Oct 2018 10:07:29 +1300
Garming Sam via samba <samba at lists.samba.org> wrote:
> Hi,
>
> On 20/10/18 1:26 AM, Julien Ropé via samba wrote:
> >
> > The deployment works, and computers seems to interact with the
> > RODCs as they should, but sometimes computers leave the domain
> > after a password change.
> >
> > This seems to
2015 Feb 16
2
rodc and KRB_TGS_REQ forwarding to RWDC to access hub ressources
Hi Garming,
> As far I know, all this should work as you would expect. Quite recently,
> Andrew Bartlett and I went about testing some of the behaviour of the
> KDC and confirming behaviour such as RODC ticket forwarding.
thanks for the input. It gives me hope to dig deeper! I have some more
time to spend on this issue today, I gonna try some more scenario.
> The one thing to check
2018 Nov 22
1
machine account on RODC
Am 22.11.18 um 17:51 schrieb Rowland Penny via samba:
> On Thu, 22 Nov 2018 17:29:16 +0100
> Stefan Kania via samba <samba at lists.samba.org> wrote:
>
>> Hello everybody,
>>
>> if I set up a RODC in a different site with an own subnet do I have to
>> replicate the machine-passwords with "samba-tool rodc reload host\$
>> --server=addc"? Or
2024 Jan 24
1
How to join Windows server to domain using a Samba RODC / login only against RW DCs?
> Jakob Curdes via samba<samba at lists.samba.org> wrote:
>
>> Hello, we have setup a SAMBA4 RODC in our setup where we have two
>> exisitng RW Samba4 DC's.
>>
>> The RODC is joined correctly and can preload user accounts etc. It
>> also can resolve its own name and the name of other DC's, also the
>> SRV records needed.
>> We created
2019 May 05
2
Issues with RODC
Hello,
Recently I started using RODC servers on my environment and noticed a few
issues with it:
- lack of LDAP SPNs
- "samba_dnsupdate" not working with "insufficient access rights" (it works
from RWDCs)
- "samba-tool dbcheck" changes instancetype of basically all objects from 4
to 0. New replicated objects continues being created with instancetype 4
and dbcheck
2014 Jan 11
2
Access denied using IP when joined in MS domain with RODC
The problem I have is a little strange and is due to the configuration of our Active Directory. The following symptoms occur with the following setup. I will provide more details on the setup later.
Microsoft Windows 2012 DC domain controller (ad1.local)
Microsoft Windows 2012 RODC read only domain controller (public.ad1.local)
Ubuntu 12.04 with Samba 3.6.3 (mizb-nas01)
The ubuntu/Samba server
2018 Oct 22
3
AD RODC not being used because of missing DNS entries?
Hi,
We have encountered these timeout issues with Samba 4.7 as an RODC too.
We created a ticket about it here :
https://bugzilla.samba.org/show_bug.cgi?id=13502
One thing is that even after the timeouts got resolved, I still get a
weird behaviour with two entries that keeps trying to update themselves
when I run "samba_dnsupdate". The call succeeds, but the entries are
actually
2015 Feb 22
1
rodc and KRB_TGS_REQ forwarding to RWDC to access hub ressources
Hi Garming,
>
> If you don't make much progress on your own, one thing you could do is
> turn up the logging level and send in some logs and network traces
> (and the steps you took). This is usually the easiest way to diagnose
> any obvious issues and gives a much better sense of what is actually
> happening.
sorry to come back to you so late... It seems inded to be some
2019 May 06
1
Issues with RODC
On Mon, 6 May 2019 08:42:03 +0200
Adam Minski <aminski316 at gmail.com> wrote:
>
> Good Morning.
>
> I've tested RODC functionality using samba-4.9.4 and
> samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds using
> the internal Heimdal KDC and the internal DNS backend.
>
> For me there's no lack of LDAP SPNs and samba_dnsupdate works as
>
2024 Jan 24
1
How to join Windows server to domain using a Samba RODC / login only against RW DCs?
On Wed, 24 Jan 2024 15:54:38 +0100
Jakob Curdes via samba <samba at lists.samba.org> wrote:
> Hello, we have setup a SAMBA4 RODC in our setup where we have two
> exisitng RW Samba4 DC's.
>
> The RODC is joined correctly and can preload user accounts etc. It
> also can resolve its own name and the name of other DC's, also the
> SRV records needed.
> We created