similar to: Samba4 - RODC - Credentials caching

Displaying 20 results from an estimated 4000 matches similar to: "Samba4 - RODC - Credentials caching"

2015 May 16
0
Samba4 - RODC - Credentials caching
On Fri, 2015-05-15 at 14:38 +0200, Miko?aj Liberski wrote: > I looked all over the place, and cannot find current answer. > > I want to store passwords/password hashes on my RODC, so that when my DC > (Windows) fails, my users can still connect using RODC. > > The current state that is described (by 3 years old docs) says its WIP, so > I'm not sure what to expect? It
2017 Nov 28
2
Should Samba-tool RODC preload be run periodically?
On Wed, 2017-11-29 at 07:26 +1300, Andrew Bartlett via samba wrote: > On Tue, 2017-11-28 at 15:03 +0000, Andrej Gessel via samba wrote: > > Hello list, > > > > I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) > > If I need to rerun samba-tool, can user login
2017 Nov 30
2
Should Samba-tool RODC preload be run periodically?
On Thu, 2017-11-30 at 15:46 +0000, Andrej Gessel via samba wrote: > Hello Andrew, > > thank you for the answer. > > 1) User credentials need to be preloaded with samba-tool to be > automatically replicated later if they change, its correct? No, preloading just makes the first login faster. > 2) And if user try to login on RODC without preloaded credentials, this >
2014 Aug 19
2
Missing patch for RODC user preloading
Hi, I've stumbled upon this message: https://lists.samba.org/archive/samba-technical/2013-November/096322.html Which includes a patch to make user preloading in a RODC actually work. I'm running SerNet Samba packages, version 4.1.11, and this patch has not been applied. Is it blocked for some reason? Thanks in advance, -- Roberto Su?rez Soto Allenta Consulting
2015 Feb 16
2
rodc and KRB_TGS_REQ forwarding to RWDC to access hub ressources
Hi Garming, > As far I know, all this should work as you would expect. Quite recently, > Andrew Bartlett and I went about testing some of the behaviour of the > KDC and confirming behaviour such as RODC ticket forwarding. thanks for the input. It gives me hope to dig deeper! I have some more time to spend on this issue today, I gonna try some more scenario. > The one thing to check
2015 Feb 22
1
rodc and KRB_TGS_REQ forwarding to RWDC to access hub ressources
Hi Garming, > > If you don't make much progress on your own, one thing you could do is > turn up the logging level and send in some logs and network traces > (and the steps you took). This is usually the easiest way to diagnose > any obvious issues and gives a much better sense of what is actually > happening. sorry to come back to you so late... It seems inded to be some
2015 Apr 23
2
RODC User preload fails
Hi, I installed a RODC on my mailserver to have a local authentication for mailusers on the machine which doesn't rely on a always-on-connetion to the office. The problem is now that the user-preload doesn't work so that the RODC is not able to authenticate the users itself: samba-tool rodc preload <user> --server <DC1> -U Administrator Password for [AD\Administrator]:
2020 Feb 23
2
Missing attributes on RODC.
Hello, we use Samba 4.10.13 as RODC for our Kopano mailserver. We have certain users and groups, were not all attributes are synced over to the RODC. For the users in question, we found out that if we do a manual "samba-tool rodc preload user", then that would also make the missing attributes appear on the RODC. So, any reason why certain attributes will not sync to a RODC? In our case
2013 Jul 25
1
RODC between samba v4 servers
I'm preparing a lab to test the scenario in which a remote office uses a RODC to cache all users/computers/GPOs from a DC. I've set up a environment with all requirements (two subnets, one with a DC and the other with a RODC). I've joined the domain with a windows machine to the RODC subnet with both DCs being up. Using the windows tools (DSA), I've placed a user account and the
2017 Nov 28
2
Should Samba-tool RODC preload be run periodically?
Hello list, I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun) If I need to rerun samba-tool, can user login with his old password till its expire? (I suppose yes?) Thank you. ----------------------------------------------------------------------------------------------------------
2015 Feb 10
2
rodc and KRB_TGS_REQ forwarding to RWDC to access hub ressources
Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to
2015 Mar 16
2
Joining a samba member server using offline join or a RODC
Hi, I would like to join a samba 4.2.0 file server sitting in a branch office, with connection only to a RODC (and only the RODC can talk to the RWDC). Was wondering what's the workflow for doing this in samba. For Windows machines, Microsoft seems to have planned two workflows for this: 1. Use new flag to NetJoinDomain() API to join using the RODC
2013 Nov 19
1
Prepopulate *all* users to a samba4 RODC
I was hoping this would be simpler. I'd like to prepopulate an RODC with all users accounts that are permitted. But I can only pre-populate one at a time: samba-tool rodc preload (<SID>|<DN>|<accountname>) sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password Replication Group - Shire' Allowed RODC Password Replication Group - Global WIN7-SHIRE$ bilbo
2018 Aug 07
2
setting up a RODC
Hello Stefan, you need to use "-U" with user from Domain Admin group(maybe it works with other users too, but I didn't test it). Andrej Am 07.08.2018 um 17:00 schrieb Stefan Kania via samba: > When I start the replication from the other DC it works as you can see: > ------- > root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net > Replicate
2024 Jan 24
1
How to join Windows server to domain using a Samba RODC / login only against RW DCs?
Hello, we have setup a SAMBA4 RODC in our setup where we have two exisitng RW Samba4 DC's. The RODC is joined correctly and can preload user accounts etc. It also can resolve its own name and the name of other DC's, also the SRV records needed. We created an own site with specific subnet for this RODC "area". But we did not manage to get a join of a Windows server working
2024 Jan 24
1
How to join Windows server to domain using a Samba RODC / login only against RW DCs?
On Wed, 24 Jan 2024 15:54:38 +0100 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello, we have setup a SAMBA4 RODC in our setup where we have two > exisitng RW Samba4 DC's. > > The RODC is joined correctly and can preload user accounts etc. It > also can resolve its own name and the name of other DC's, also the > SRV records needed. > We created
2024 Jan 24
1
How to join Windows server to domain using a Samba RODC / login only against RW DCs?
> Jakob Curdes via samba<samba at lists.samba.org> wrote: > >> Hello, we have setup a SAMBA4 RODC in our setup where we have two >> exisitng RW Samba4 DC's. >> >> The RODC is joined correctly and can preload user accounts etc. It >> also can resolve its own name and the name of other DC's, also the >> SRV records needed. >> We created
2018 Oct 20
2
AD RODC not being used because of missing DNS entries?
On Sat, 20 Oct 2018 17:04:20 +0200 (CEST) tomict via samba <samba at lists.samba.org> wrote: > > > OK, I have checked from Windows and my dns looks like this: > > DC2-| > > |- Forward Lookup Zone > > |- samdom.example.com > > You have much more dc2 entries, I only have 4 from my manual > additions. Your dns setup is the same as the setup that
2018 Nov 22
2
machine account on RODC
Hello everybody, if I set up a RODC in a different site with an own subnet do I have to replicate the machine-passwords with "samba-tool rodc reload host\$ --server=addc"? Or can a machine always authenticate against a RODC? Greetings Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195
2019 May 05
2
Issues with RODC
Hello, Recently I started using RODC servers on my environment and noticed a few issues with it: - lack of LDAP SPNs - "samba_dnsupdate" not working with "insufficient access rights" (it works from RWDCs) - "samba-tool dbcheck" changes instancetype of basically all objects from 4 to 0. New replicated objects continues being created with instancetype 4 and dbcheck