Re: [Samba] Should Samba-tool RODC preload be run periodically?
- Date: Wed, 29 Nov 2017 07:26:52 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Should Samba-tool RODC preload be run periodically?
On Tue, 2017-11-28 at 15:03 +0000, Andrej Gessel via samba wrote:
> Hello list,
> I run “samba-tool rodc preload” for multiple users. If one of this users change his password, should I repeat the preload call? (I suppose yes, I need to rerun)
> If I need to rerun samba-tool, can user login with his old password till its expire? (I suppose yes?)
The design is that we get a replication event with a blank password in
it, causing the password to be wiped locally. That triggers the next
login to go via the master DC which if successful triggers a async
replication of the new password.
So, it is meant to be safe for password change/reset, and there are
tests for this.
Thanks for asking!
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
To unsubscribe from this list go to the following URL and read the