similar to: Samba4 - RODC - Credentials caching

On Fri, 2015-05-15 at 14:38 +0200, Miko?aj Liberski wrote: > I looked all over the place, and cannot find current answer. > > I want to store passwords/password hashes on my RODC, so that when my DC > (Windows) fails, my users can still connect using RODC. > > The current state that is described (by 3 years old docs) says its WIP, so > I'm not sure what to expect? It

On Wed, 2017-11-29 at 07:26 +1300, Andrew Bartlett via samba wrote: > On Tue, 2017-11-28 at 15:03 +0000, Andrej Gessel via samba wrote: > > Hello list, > > > > I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) > > If I need to rerun samba-tool, can user login

On Thu, 2017-11-30 at 15:46 +0000, Andrej Gessel via samba wrote: > Hello Andrew, > > thank you for the answer. > > 1) User credentials need to be preloaded with samba-tool to be > automatically replicated later if they change, its correct? No, preloading just makes the first login faster. > 2) And if user try to login on RODC without preloaded credentials, this >

Hi, I've stumbled upon this message: https://lists.samba.org/archive/samba-technical/2013-November/096322.html Which includes a patch to make user preloading in a RODC actually work. I'm running SerNet Samba packages, version 4.1.11, and this patch has not been applied. Is it blocked for some reason? Thanks in advance, -- Roberto Su?rez Soto Allenta Consulting

Hi Garming, > As far I know, all this should work as you would expect. Quite recently, > Andrew Bartlett and I went about testing some of the behaviour of the > KDC and confirming behaviour such as RODC ticket forwarding. thanks for the input. It gives me hope to dig deeper! I have some more time to spend on this issue today, I gonna try some more scenario. > The one thing to check

Hi Garming, > > If you don't make much progress on your own, one thing you could do is > turn up the logging level and send in some logs and network traces > (and the steps you took). This is usually the easiest way to diagnose > any obvious issues and gives a much better sense of what is actually > happening. sorry to come back to you so late... It seems inded to be some

Hi, I installed a RODC on my mailserver to have a local authentication for mailusers on the machine which doesn't rely on a always-on-connetion to the office. The problem is now that the user-preload doesn't work so that the RODC is not able to authenticate the users itself: samba-tool rodc preload <user> --server <DC1> -U Administrator Password for [AD\Administrator]:

Hello, we use Samba 4.10.13 as RODC for our Kopano mailserver. We have certain users and groups, were not all attributes are synced over to the RODC. For the users in question, we found out that if we do a manual "samba-tool rodc preload user", then that would also make the missing attributes appear on the RODC. So, any reason why certain attributes will not sync to a RODC? In our case

I'm preparing a lab to test the scenario in which a remote office uses a RODC to cache all users/computers/GPOs from a DC. I've set up a environment with all requirements (two subnets, one with a DC and the other with a RODC). I've joined the domain with a windows machine to the RODC subnet with both DCs being up. Using the windows tools (DSA), I've placed a user account and the

Hello list, I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) If I need to rerun samba-tool, can user login with his old password till its expire? (I suppose yes?) Thank you. ----------------------------------------------------------------------------------------------------------

Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to

Hi, I would like to join a samba 4.2.0 file server sitting in a branch office, with connection only to a RODC (and only the RODC can talk to the RWDC). Was wondering what's the workflow for doing this in samba. For Windows machines, Microsoft seems to have planned two workflows for this: 1. Use new flag to NetJoinDomain() API to join using the RODC

I was hoping this would be simpler. I'd like to prepopulate an RODC with all users accounts that are permitted. But I can only pre-populate one at a time: samba-tool rodc preload (<SID>|<DN>|<accountname>) sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password Replication Group - Shire' Allowed RODC Password Replication Group - Global WIN7-SHIRE$ bilbo

Hello Stefan, you need to use "-U" with user from Domain Admin group(maybe it works with other users too, but I didn't test it). Andrej Am 07.08.2018 um 17:00 schrieb Stefan Kania via samba: > When I start the replication from the other DC it works as you can see: > ------- > root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net > Replicate

Hello, we have setup a SAMBA4 RODC in our setup where we have two exisitng RW Samba4 DC's. The RODC is joined correctly and can preload user accounts etc. It also can resolve its own name and the name of other DC's, also the SRV records needed. We created an own site with specific subnet for this RODC "area". But we did not manage to get a join of a Windows server working

On Wed, 24 Jan 2024 15:54:38 +0100 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello, we have setup a SAMBA4 RODC in our setup where we have two > exisitng RW Samba4 DC's. > > The RODC is joined correctly and can preload user accounts etc. It > also can resolve its own name and the name of other DC's, also the > SRV records needed. > We created

> Jakob Curdes via samba<samba at lists.samba.org> wrote: > >> Hello, we have setup a SAMBA4 RODC in our setup where we have two >> exisitng RW Samba4 DC's. >> >> The RODC is joined correctly and can preload user accounts etc. It >> also can resolve its own name and the name of other DC's, also the >> SRV records needed. >> We created

On Sat, 20 Oct 2018 17:04:20 +0200 (CEST) tomict via samba <samba at lists.samba.org> wrote: > > > OK, I have checked from Windows and my dns looks like this: > > DC2-| > > |- Forward Lookup Zone > > |- samdom.example.com > > You have much more dc2 entries, I only have 4 from my manual > additions. Your dns setup is the same as the setup that

Hello everybody, if I set up a RODC in a different site with an own subnet do I have to replicate the machine-passwords with "samba-tool rodc reload host\$ --server=addc"? Or can a machine always authenticate against a RODC? Greetings Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195

Hello, Recently I started using RODC servers on my environment and noticed a few issues with it: - lack of LDAP SPNs - "samba_dnsupdate" not working with "insufficient access rights" (it works from RWDCs) - "samba-tool dbcheck" changes instancetype of basically all objects from 4 to 0. New replicated objects continues being created with instancetype 4 and dbcheck