similar to: Samba 4.7+ - RODC and password change support

On Tue, 23 Oct 2018 10:07:29 +1300 Garming Sam via samba <samba at lists.samba.org> wrote: > Hi, > > On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > > > >  The deployment works, and computers seems to interact with the > > RODCs as they should, but sometimes computers leave the domain > > after a password change. > > > >  This seems to

On Wed, 24 Oct 2018 09:45:39 +1300 Garming Sam <garming at catalyst.net.nz> wrote: > > On 23/10/18 9:48 PM, Rowland Penny via samba wrote: > > On Tue, 23 Oct 2018 10:07:29 +1300 > > Garming Sam via samba <samba at lists.samba.org> wrote: > > > >> Hi, > >> > >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > >>>  The

Hi, On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > >  The deployment works, and computers seems to interact with the RODCs > as they should, but sometimes computers leave the domain after a > password change. > >  This seems to happen only on RODC where the passwords have been > replicated - on one occasion the RODC was not set to store password > hashes, and

On 23/10/18 9:48 PM, Rowland Penny via samba wrote: > On Tue, 23 Oct 2018 10:07:29 +1300 > Garming Sam via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote: >>>  The deployment works, and computers seems to interact with the >>> RODCs as they should, but sometimes computers leave the domain

Hi, I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One question about password replication: Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) states that samba RODC acts as a proxy server to a writable DC if users are not member of the Allowed RODC Password Replication Group, which is the behavior we knew (and what we want) from the MS RODCs. Our test

On 03/29/2019 10:54 AM, Andrew Bartlett wrote: > On Fri, 2019-03-29 at 10:44 +0100, Adam Minski wrote: >> >> On 03/29/2019 10:37 AM, Andrew Bartlett wrote: >>> On Fri, 2019-03-29 at 10:16 +0100, Adam Minski via samba wrote: >>>> On 03/28/2019 05:32 PM, Rowland Penny via samba wrote: >>>> >>>> [...] >>>>

Hi Garming, > As far I know, all this should work as you would expect. Quite recently, > Andrew Bartlett and I went about testing some of the behaviour of the > KDC and confirming behaviour such as RODC ticket forwarding. thanks for the input. It gives me hope to dig deeper! I have some more time to spend on this issue today, I gonna try some more scenario. > The one thing to check

Hi Garming, > > If you don't make much progress on your own, one thing you could do is > turn up the logging level and send in some logs and network traces > (and the steps you took). This is usually the easiest way to diagnose > any obvious issues and gives a much better sense of what is actually > happening. sorry to come back to you so late... It seems inded to be some

Hi, We have encountered these timeout issues with Samba 4.7 as an RODC too. We created a ticket about it here : https://bugzilla.samba.org/show_bug.cgi?id=13502 One thing is that even after the timeouts got resolved, I still get a weird behaviour with two entries that keeps trying to update themselves when I run "samba_dnsupdate". The call succeeds, but the entries are actually

On 03/29/2019 10:37 AM, Andrew Bartlett wrote: > On Fri, 2019-03-29 at 10:16 +0100, Adam Minski via samba wrote: >> >> On 03/28/2019 05:32 PM, Rowland Penny via samba wrote: >> >> [...] >> >>>> Should the samba RDOC act like the windows version or is it different >>>> by design? >>>> >>> >>> Yes it should and

Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to

Hi Rowland, Thanks for you answer, specially on a sunday! :-) On Sun, May 5, 2019 at 11:31 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 10:13:07 -0300 > Emerson Kfuri <emersonkfuri at gmail.com> wrote: > > > On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < > > samba at lists.samba.org> wrote: > > >

Hi, I have some question about the command "samba-tool drs replicate" command. On a server with a big number of objects to synchronize, the command makes a timeout error. Now it looks like the sync actually occurs. I also see that there is an option to make the command asynchronous (not waiting for the result of the replication), but then I'm not sure how to confirm the process

On Mon, 6 May 2019 08:42:03 +0200 Adam Minski <aminski316 at gmail.com> wrote: > > Good Morning. > > I've tested RODC functionality using samba-4.9.4 and > samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds using > the internal Heimdal KDC and the internal DNS backend. > > For me there's no lack of LDAP SPNs and samba_dnsupdate works as >

On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 09:20:37 -0300 > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > Recently I started using RODC servers on my environment and noticed a > > few issues with it: > > - lack of LDAP SPNs > > -

On 03/28/2019 05:32 PM, Rowland Penny via samba wrote: [...] >> Should the samba RDOC act like the windows version or is it different >> by design? >> > > Yes it should and there is a bug report for something similar already, > see here: https://bugzilla.samba.org/show_bug.cgi?id=13377 > > I know that is for members of the denied group, but the substance is

Hello Rowland, of course it will be started by samba, I saw this output if I run "samba -i". But I can trigger this output also by starting samba_kcc manually. Andrej -----Ursprüngliche Nachricht----- Von: Rowland Penny [mailto:rpenny at samba.org] Gesendet: Donnerstag, 9. November 2017 14:04 An: samba at lists.samba.org Cc: Andrej Gessel <Andrej.Gessel at janztec.com>

On Thu, 28 Mar 2019 16:31:51 +0100 Adam Minski via samba <samba at lists.samba.org> wrote: > Hi, > > I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One > question about password replication: > > Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) > states that samba RODC acts as a proxy server to a writable DC if > users are not

On Sat, 20 Oct 2018 17:04:20 +0200 (CEST) tomict via samba <samba at lists.samba.org> wrote: > > > OK, I have checked from Windows and my dns looks like this: > > DC2-| > > |- Forward Lookup Zone > > |- samdom.example.com > > You have much more dc2 entries, I only have 4 from my manual > additions. Your dns setup is the same as the setup that

I upgraded from 4.1.23 to 4.2.12 and am now getting (lots of) messages: Unable to fetch value for secret BCKUPKEY_, are we an undetected RODC? I found an almost identical message (titled: "Update samba4 from 4.1.17 to 4.2.1 failed") on the web from May 22, 2015 at: http://samba.2283325.n4.nabble.com/Update-samba4-from-4-1-17-to-4-2-1-failed-td4686215.html but saw no resolution other