Re: [Samba] AD RODC not being used because of missing DNS entries?

Sorry for replying too late; I did not notice until now that there was a follow-up to the mail conversation.

Thank you for taking the time to answer - I appreciate it.

The command I used first:

    # samba-tool dns add DC1 ad.example.nl _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 88 0 100'

is syntactically correct, but it inserts a wrong entry in the wrong zone.

It should be done, as in my second try after Rowland pointed it out to me, like this:

    # samba-tool dns add DC1 _msdcs.ad.example.nl _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 389 0 100'

Notice the different zone "_msdcs.ad.example.nl". I had the same problem with the _ldap entry.

The first (wrong) command created a wrong entry that confused everything, and me in particular.
I don't think that (or know if) this has anything to do with your problem, but it did solve mine.

Yes, it helps: it probably explains some of the confusion while troubleshooting.

Again, thanks for your time.

At this point, I have to say that my client is reverting his deployment of Samba as a RODC - this issue on one side, and the authentication limitation on the other (see another thread about password updates on RODC) make them cautious.

The release notes seem to show that this feature is ready, now it seems there are still some roadblocks for end users in production environments.

Is there any assessment of missing features and/or blocking bugs for samba as an RODC (apart from the two already mentioned)? Any roadmap related to it?

I found the following TODO related to the RODC feature, but I don't think it's up to date? https://wiki.samba.org/index.php/Samba4/DRS_TODO_List#Support_RODC

I'd like to collect as many details as possible to clarify expectations with users, and maybe help close the gap by contributing documentation and/or code where possible.
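
The wrong-zone mistake discussed earlier in this message can be caught before running `samba-tool dns add`. The following is an added example, not part of the original message or of Samba: it assumes the DC hosts the two zones named above, and the function names are hypothetical.

```python
# Added example: find which hosted zone owns a record name, then compare it
# with the zone argument about to be passed to 'samba-tool dns add'.
# ZONES and RECORD are the example values quoted in the message above.

def normalize(name):
    """Lower-case and drop the trailing dot so names compare label by label."""
    return name.rstrip(".").lower()

def labels(name):
    return normalize(name).split(".")

def owning_zone(fqdn, zones):
    """Return the hosted zone with the longest label-wise suffix match, or None."""
    name = labels(fqdn)
    best = None
    for zone in zones:
        z = labels(zone)
        # Compare whole labels, so 'xad.example.nl' never matches 'ad.example.nl'.
        if len(z) <= len(name) and name[-len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = normalize(zone)
    return best

def check_add(zone_arg, fqdn, zones):
    """Return (ok, correct_zone, relative_name) for a planned record add."""
    correct = owning_zone(fqdn, zones)
    if correct is None:
        return (False, None, None)
    name = labels(fqdn)
    # Name relative to the owning zone; '@' denotes the zone apex.
    rel = ".".join(name[:len(name) - len(labels(correct))]) or "@"
    return (normalize(zone_arg) == correct, correct, rel)

ZONES = ["ad.example.nl", "_msdcs.ad.example.nl"]
RECORD = "_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl"

if __name__ == "__main__":
    for zone_arg in ZONES:
        ok, correct, rel = check_add(zone_arg, RECORD, ZONES)
        print(f"zone={zone_arg!r} ok={ok} correct_zone={correct!r} relative={rel!r}")
```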



