similar to: RODC User preload fails

Hello Stefan, you need to use "-U" with user from Domain Admin group(maybe it works with other users too, but I didn't test it). Andrej Am 07.08.2018 um 17:00 schrieb Stefan Kania via samba: > When I start the replication from the other DC it works as you can see: > ------- > root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net > Replicate

Hello, I just start testing the setup of an RODC with 4.8.3 (I use the packages from Louis). The join works fine. After a reboot of the rodc I can see all Objcts with: ldbsearch --url=/var/lib/samba/private/sam.ldb and all users and groups with: wbinfo -u wbinfo -g But as soon as I try to test the replication I got this message: ----------- root at rodc-01:/var/lib/samba/private# samba-tool drs

Hello, Recently I started using RODC servers on my environment and noticed a few issues with it: - lack of LDAP SPNs - "samba_dnsupdate" not working with "insufficient access rights" (it works from RWDCs) - "samba-tool dbcheck" changes instancetype of basically all objects from 4 to 0. New replicated objects continues being created with instancetype 4 and dbcheck

On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 09:20:37 -0300 > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > Recently I started using RODC servers on my environment and noticed a > > few issues with it: > > - lack of LDAP SPNs > > -

Hello, I try to test joining new RODC (samba-tool domain join unn.global RODC -U Administrator -d5) and it's fail with message: Could not find machine account in secrets database: Failed to fetch machine account password for UNN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=UNN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No

On Wed, 2017-11-29 at 07:26 +1300, Andrew Bartlett via samba wrote: > On Tue, 2017-11-28 at 15:03 +0000, Andrej Gessel via samba wrote: > > Hello list, > > > > I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) > > If I need to rerun samba-tool, can user login

Hello list, I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) If I need to rerun samba-tool, can user login with his old password till its expire? (I suppose yes?) Thank you. ----------------------------------------------------------------------------------------------------------

Hi Rowland, Thanks for you answer, specially on a sunday! :-) On Sun, May 5, 2019 at 11:31 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 10:13:07 -0300 > Emerson Kfuri <emersonkfuri at gmail.com> wrote: > > > On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < > > samba at lists.samba.org> wrote: > > >

Hello everybody, if I set up a RODC in a different site with an own subnet do I have to replicate the machine-passwords with "samba-tool rodc reload host\$ --server=addc"? Or can a machine always authenticate against a RODC? Greetings Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195

[2015/05/28 14:41:18.977544, 0] ../source4/smbd/server.c:370(binary_smbd_main) samba version 4.1.16 started. Copyright Andrew Tridgell and the Samba Team 1992-2013 [2015/05/28 14:41:19.173118, 0] ../source4/smbd/server.c:488(binary_smbd_main) samba: using 'standard' process model [2015/05/28 14:41:19.196917, 0] ../lib/util/become_daemon.c:136(daemon_ready) [2015/05/28

On Thu, 2017-11-30 at 15:46 +0000, Andrej Gessel via samba wrote: > Hello Andrew, > > thank you for the answer. > > 1) User credentials need to be preloaded with samba-tool to be > automatically replicated later if they change, its correct? No, preloading just makes the first login faster. > 2) And if user try to login on RODC without preloaded credentials, this >

Hi, I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One question about password replication: Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) states that samba RODC acts as a proxy server to a writable DC if users are not member of the Allowed RODC Password Replication Group, which is the behavior we knew (and what we want) from the MS RODCs. Our test

Hi, i have some problems with a recently joined Read Only Domain controller. I had 2 Domain Controllers based on Windows Server 2019 (hosts vmw2srvdc1 an vmw2srvdc2). I and i recently added a new site (PSN) and Read Only DC in this second site based on samba (host lvsrvdc). Then i added a fileserver joining as domain member (host lvsrv39) the same site as the new RODC (lvsrvdc). Performing the

Hi list, I'm running into issues with Samba 4.5.16-Debian. I am trying to get 3 DCs to talk to each other and replicate. DC1 and DC3 are on the same subnet; DC2 is on another subnet, accessible by IP. Currently, no firewalls on any of the DCs. Issue 1 - When I run "samba-tool drs showrepl", I get various results: DC1 - Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2

Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to

Hi, I would like to join a samba 4.2.0 file server sitting in a branch office, with connection only to a RODC (and only the RODC can talk to the RWDC). Was wondering what's the workflow for doing this in samba. For Windows machines, Microsoft seems to have planned two workflows for this: 1. Use new flag to NetJoinDomain() API to join using the RODC

On Tue, 23 Oct 2018 10:07:29 +1300 Garming Sam via samba <samba at lists.samba.org> wrote: > Hi, > > On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > > > >  The deployment works, and computers seems to interact with the > > RODCs as they should, but sometimes computers leave the domain > > after a password change. > > > >  This seems to

On Wed, 24 Oct 2018 09:45:39 +1300 Garming Sam <garming at catalyst.net.nz> wrote: > > On 23/10/18 9:48 PM, Rowland Penny via samba wrote: > > On Tue, 23 Oct 2018 10:07:29 +1300 > > Garming Sam via samba <samba at lists.samba.org> wrote: > > > >> Hi, > >> > >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > >>>  The

Hi, I have been trying for days to solve this to no avail. I have taken over the IT responsibilities at a small school and am trying to get my head around their network and why they are having problems. They have 3 servers, Matthew, Genesis and Luke. Matthew is a Windows 2008 R2 server and holds all the FSMO roles but appears to be screwed up. It won't replicate with anything and randomly

Am 22.11.18 um 17:51 schrieb Rowland Penny via samba: > On Thu, 22 Nov 2018 17:29:16 +0100 > Stefan Kania via samba <samba at lists.samba.org> wrote: > >> Hello everybody, >> >> if I set up a RODC in a different site with an own subnet do I have to >> replicate the machine-passwords with "samba-tool rodc reload host\$ >> --server=addc"? Or