similar to: Is RODC password replication different from the windows version by design or is it a bug?

On 03/29/2019 10:54 AM, Andrew Bartlett wrote: > On Fri, 2019-03-29 at 10:44 +0100, Adam Minski wrote: >> >> On 03/29/2019 10:37 AM, Andrew Bartlett wrote: >>> On Fri, 2019-03-29 at 10:16 +0100, Adam Minski via samba wrote: >>>> On 03/28/2019 05:32 PM, Rowland Penny via samba wrote: >>>> >>>> [...] >>>>

On 03/29/2019 10:37 AM, Andrew Bartlett wrote: > On Fri, 2019-03-29 at 10:16 +0100, Adam Minski via samba wrote: >> >> On 03/28/2019 05:32 PM, Rowland Penny via samba wrote: >> >> [...] >> >>>> Should the samba RDOC act like the windows version or is it different >>>> by design? >>>> >>> >>> Yes it should and

On Mon, 6 May 2019 08:42:03 +0200 Adam Minski <aminski316 at gmail.com> wrote: > > Good Morning. > > I've tested RODC functionality using samba-4.9.4 and > samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds using > the internal Heimdal KDC and the internal DNS backend. > > For me there's no lack of LDAP SPNs and samba_dnsupdate works as >

On 03/28/2019 05:32 PM, Rowland Penny via samba wrote: [...] >> Should the samba RDOC act like the windows version or is it different >> by design? >> > > Yes it should and there is a bug report for something similar already, > see here: https://bugzilla.samba.org/show_bug.cgi?id=13377 > > I know that is for members of the denied group, but the substance is

 Hi,  I am working on a deployment of Samba as a domain controller, with one central domain controller and several read-only DC.  The deployment works, and computers seems to interact with the RODCs as they should, but sometimes computers leave the domain after a password change.  This seems to happen only on RODC where the passwords have been replicated - on one occasion the RODC was

Hi Rowland, Thanks for you answer, specially on a sunday! :-) On Sun, May 5, 2019 at 11:31 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 10:13:07 -0300 > Emerson Kfuri <emersonkfuri at gmail.com> wrote: > > > On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < > > samba at lists.samba.org> wrote: > > >

On Thu, 28 Mar 2019 16:31:51 +0100 Adam Minski via samba <samba at lists.samba.org> wrote: > Hi, > > I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One > question about password replication: > > Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) > states that samba RODC acts as a proxy server to a writable DC if > users are not

On Wed, 24 Oct 2018 09:45:39 +1300 Garming Sam <garming at catalyst.net.nz> wrote: > > On 23/10/18 9:48 PM, Rowland Penny via samba wrote: > > On Tue, 23 Oct 2018 10:07:29 +1300 > > Garming Sam via samba <samba at lists.samba.org> wrote: > > > >> Hi, > >> > >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > >>>  The

On Tue, 23 Oct 2018 10:07:29 +1300 Garming Sam via samba <samba at lists.samba.org> wrote: > Hi, > > On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > > > >  The deployment works, and computers seems to interact with the > > RODCs as they should, but sometimes computers leave the domain > > after a password change. > > > >  This seems to

On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 09:20:37 -0300 > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > Recently I started using RODC servers on my environment and noticed a > > few issues with it: > > - lack of LDAP SPNs > > -

Hello, Recently I started using RODC servers on my environment and noticed a few issues with it: - lack of LDAP SPNs - "samba_dnsupdate" not working with "insufficient access rights" (it works from RWDCs) - "samba-tool dbcheck" changes instancetype of basically all objects from 4 to 0. New replicated objects continues being created with instancetype 4 and dbcheck

Hello Rowland, of course it will be started by samba, I saw this output if I run "samba -i". But I can trigger this output also by starting samba_kcc manually. Andrej -----Ursprüngliche Nachricht----- Von: Rowland Penny [mailto:rpenny at samba.org] Gesendet: Donnerstag, 9. November 2017 14:04 An: samba at lists.samba.org Cc: Andrej Gessel <Andrej.Gessel at janztec.com>

Hello everybody, if I set up a RODC in a different site with an own subnet do I have to replicate the machine-passwords with "samba-tool rodc reload host\$ --server=addc"? Or can a machine always authenticate against a RODC? Greetings Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195

Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to

On Thu, 2017-11-30 at 15:46 +0000, Andrej Gessel via samba wrote: > Hello Andrew, > > thank you for the answer. > > 1) User credentials need to be preloaded with samba-tool to be > automatically replicated later if they change, its correct? No, preloading just makes the first login faster. > 2) And if user try to login on RODC without preloaded credentials, this >

Am 22.11.18 um 17:51 schrieb Rowland Penny via samba: > On Thu, 22 Nov 2018 17:29:16 +0100 > Stefan Kania via samba <samba at lists.samba.org> wrote: > >> Hello everybody, >> >> if I set up a RODC in a different site with an own subnet do I have to >> replicate the machine-passwords with "samba-tool rodc reload host\$ >> --server=addc"? Or

Hi Garming, > As far I know, all this should work as you would expect. Quite recently, > Andrew Bartlett and I went about testing some of the behaviour of the > KDC and confirming behaviour such as RODC ticket forwarding. thanks for the input. It gives me hope to dig deeper! I have some more time to spend on this issue today, I gonna try some more scenario. > The one thing to check

> Jakob Curdes via samba<samba at lists.samba.org> wrote: > >> Hello, we have setup a SAMBA4 RODC in our setup where we have two >> exisitng RW Samba4 DC's. >> >> The RODC is joined correctly and can preload user accounts etc. It >> also can resolve its own name and the name of other DC's, also the >> SRV records needed. >> We created

Hi, I would like to join a samba 4.2.0 file server sitting in a branch office, with connection only to a RODC (and only the RODC can talk to the RWDC). Was wondering what's the workflow for doing this in samba. For Windows machines, Microsoft seems to have planned two workflows for this: 1. Use new flag to NetJoinDomain() API to join using the RODC

Hi, I installed a RODC on my mailserver to have a local authentication for mailusers on the machine which doesn't rely on a always-on-connetion to the office. The problem is now that the user-preload doesn't work so that the RODC is not able to authenticate the users itself: samba-tool rodc preload <user> --server <DC1> -U Administrator Password for [AD\Administrator]: