similar to: Joining to a RODC

Hi Uri, > I would like to join a samba 4.2.0 file server sitting in a branch > office, with connection only to a RODC (and only the RODC can talk to > the RWDC). Was wondering what's the workflow for doing this in samba. > > For Windows machines, Microsoft seems to have planned two workflows for this: > > 1. Use new flag to NetJoinDomain() API to join using the RODC >

Hi, I would like to join a samba 4.2.0 file server sitting in a branch office, with connection only to a RODC (and only the RODC can talk to the RWDC). Was wondering what's the workflow for doing this in samba. For Windows machines, Microsoft seems to have planned two workflows for this: 1. Use new flag to NetJoinDomain() API to join using the RODC

When I run "gpresult /R" on one of my domain users the ". . . following security groups" listed at the bottom of the output includes "Denied RODC Password Replication Group". Did a little web search digging and found that RODC stands for Read Only Domain Controller. My domain consists of two DC's and one member server with three W10 workstations. I have never

Hello, we have setup a SAMBA4 RODC in our setup where we have two exisitng RW Samba4 DC's. The RODC is joined correctly and can preload user accounts etc. It also can resolve its own name and the name of other DC's, also the SRV records needed. We created an own site with specific subnet for this RODC "area". But we did not manage to get a join of a Windows server working

Hi, I installed a RODC on my mailserver to have a local authentication for mailusers on the machine which doesn't rely on a always-on-connetion to the office. The problem is now that the user-preload doesn't work so that the RODC is not able to authenticate the users itself: samba-tool rodc preload <user> --server <DC1> -U Administrator Password for [AD\Administrator]:

Hi, I'm trying to add a Samba RODC in our environment (Samba 4.6.7) RODC is in the domain and viewable in the MMC, but all users are in " denied rodc password replication group". However these users are not in that group, and also not in a group member of that group (it seems) root at dc ~]# wbinfo -g test|grep -i denied DOMAIN\denied rodc password replication group I

On Thu, 28 Mar 2019 16:31:51 +0100 Adam Minski via samba <samba at lists.samba.org> wrote: > Hi, > > I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One > question about password replication: > > Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) > states that samba RODC acts as a proxy server to a writable DC if > users are not

When I start the replication from the other DC it works as you can see: ------- root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net Replicate from addc-01 to rodc-01 was successful. ------- Am 07.08.2018 um 15:26 schrieb Stefan Kania via samba: > Hello, > > I just start testing the setup of an RODC with 4.8.3 (I use the packages > from Louis). The join works

On Sun, 5 May 2019 10:13:07 -0300 Emerson Kfuri <emersonkfuri at gmail.com> wrote: > On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < > samba at lists.samba.org> wrote: > > > On Sun, 5 May 2019 09:20:37 -0300 > > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > > > Hello, > > > > > > Recently I

HI Samba Team, Can you please help me understanding the if i can join a samba3.x or 4.x as a member to Microsoft RODC server. This is a Windows 2008 RODC server. I have many issues while connecting samba to a RODC, looks like a common issue people are facing. I am able to connect 400 RHEL server using samba to Writable server but while connecting to RODC we have issues. Please let me know if you

I was hoping this would be simpler. I'd like to prepopulate an RODC with all users accounts that are permitted. But I can only pre-populate one at a time: samba-tool rodc preload (<SID>|<DN>|<accountname>) sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password Replication Group - Shire' Allowed RODC Password Replication Group - Global WIN7-SHIRE$ bilbo

Hi, On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > >  The deployment works, and computers seems to interact with the RODCs > as they should, but sometimes computers leave the domain after a > password change. > >  This seems to happen only on RODC where the passwords have been > replicated - on one occasion the RODC was not set to store password > hashes, and

On 23/10/18 9:48 PM, Rowland Penny via samba wrote: > On Tue, 23 Oct 2018 10:07:29 +1300 > Garming Sam via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote: >>>  The deployment works, and computers seems to interact with the >>> RODCs as they should, but sometimes computers leave the domain

Hello everybody, if I set up a RODC in a different site with an own subnet do I have to replicate the machine-passwords with "samba-tool rodc reload host\$ --server=addc"? Or can a machine always authenticate against a RODC? Greetings Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195

On Mon, 6 May 2019 08:42:03 +0200 Adam Minski <aminski316 at gmail.com> wrote: > > Good Morning. > > I've tested RODC functionality using samba-4.9.4 and > samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds using > the internal Heimdal KDC and the internal DNS backend. > > For me there's no lack of LDAP SPNs and samba_dnsupdate works as >

Hi everybody, I'm making a POC with samba4 RODC I had problem with preload command. Setup was a fresh 4.1.6 ADS install and a 4.1.6 RODC. All is working fine except account preload : root at smbrodc:~# samba-tool rodc preload m.brant --server=smbdc.gnutopya.local -U administrator Password for [GNUTOPYA\administrator]: Replicating DN CN=Mike BRANT,OU=Users,OU=Rouen,DC=gnutopya,DC=local

I'm preparing a lab to test the scenario in which a remote office uses a RODC to cache all users/computers/GPOs from a DC. I've set up a environment with all requirements (two subnets, one with a DC and the other with a RODC). I've joined the domain with a windows machine to the RODC subnet with both DCs being up. Using the windows tools (DSA), I've placed a user account and the

I looked all over the place, and cannot find current answer. I want to store passwords/password hashes on my RODC, so that when my DC (Windows) fails, my users can still connect using RODC. The current state that is described (by 3 years old docs) says its WIP, so I'm not sure what to expect? Also, in documentation there is no option, to allow for preloading whole group of users, is that

On Wed, 24 Jan 2024 15:54:38 +0100 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello, we have setup a SAMBA4 RODC in our setup where we have two > exisitng RW Samba4 DC's. > > The RODC is joined correctly and can preload user accounts etc. It > also can resolve its own name and the name of other DC's, also the > SRV records needed. > We created

Hi, As far I know, all this should work as you would expect. Quite recently, Andrew Bartlett and I went about testing some of the behaviour of the KDC and confirming behaviour such as RODC ticket forwarding. The one thing to check would be whether or not Samba is being linked against system Heimdal. As it stands, there is no real testing of Samba using system Heimdal and from the testing