Re: [Samba] machine account on RODC

On Thu, 22 Nov 2018 17:29:16 +0100
Stefan Kania via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello everybody,
> if I set up a RODC in a different site with an own subnet do I have to
> replicate the machine-passwords with "samba-tool rodc reload host\$
> --server=addc"? Or can a machine always authenticate against a RODC?

It is my understanding that an RODC never really does authentication
like a normal RWDC. When authentication is asked for, the RODC first
checks its cache and if the required data is cached, authentication is
granted. If it isn't cached, an RWDC is queried which authenticates
the request, if appropriate, and the RODC then, if configured to do
so, asks for the password to be replicated to the RODC.

Pre-loading passwords just speeds things up initially, but you will
have to consider whether you really need the passwords on an RODC;
this sort of defeats the point of an RODC.
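The procedure described in the reply, as an added example that is not from the thread or from the Samba project: push one machine account's secrets to the RODC from the RWDC, then read back the attribute on the RWDC that records which RODCs hold that account's secrets. Everything named here is assumed: the RWDC "addc", an RODC whose computer object is CN=RODC1,OU=Domain Controllers,DC=example,DC=com, the machine account "client01$" and the use of msDS-RevealedDSAs as the back-link to check. The subcommand is "samba-tool rodc preload" (the question says "reload"). The two LDIF samples are constructed so the check function can be exercised offline.

```shell
#!/bin/sh
# Added example, not code from the Samba list thread or the Samba project.
# Assumed names: RWDC "addc", RODC computer object RODC_DN, base DN BASE_DN.
# Nothing below touches the domain until preload_secret or
# fetch_revealed_dsas is actually called.

RWDC="addc"
RODC_DN="CN=RODC1,OU=Domain Controllers,DC=example,DC=com"
BASE_DN="DC=example,DC=com"

# Ask the RWDC to replicate one account's secrets to the RODC now, instead
# of waiting for the RODC to request them after the first forwarded logon.
# Usage: preload_secret 'client01$'   (single quotes keep the $ literal)
preload_secret() {
    acct="$1"
    samba-tool rodc preload "$acct" --server="$RWDC" -U Administrator
}

# Read the back-link on the account that lists the RODCs holding its
# secrets (assumption: msDS-RevealedDSAs is maintained on the RWDC copy).
fetch_revealed_dsas() {
    acct="$1"
    ldbsearch -H "ldap://$RWDC" -U Administrator -b "$BASE_DN" \
        "(sAMAccountName=$acct)" msDS-RevealedDSAs
}

# Reads LDIF (as produced by fetch_revealed_dsas) on stdin; returns 0 when
# our RODC's DN appears in msDS-RevealedDSAs, 1 otherwise. Case-insensitive
# because DN case is not significant in AD.
is_cached_on_rodc() {
    grep -i "^msDS-RevealedDSAs: .*$RODC_DN" >/dev/null
}

# Constructed sample LDIF (not captured from a real domain) for offline use.
SAMPLE_CACHED='dn: CN=client01,CN=Computers,DC=example,DC=com
msDS-RevealedDSAs: CN=RODC1,OU=Domain Controllers,DC=example,DC=com
'
SAMPLE_NOT_CACHED='dn: CN=client02,CN=Computers,DC=example,DC=com
'

# Live check: fetch_revealed_dsas 'client01$' | is_cached_on_rodc && echo cached
# Offline check against the constructed samples:
check_samples() {
    printf '%s' "$SAMPLE_CACHED" | is_cached_on_rodc || return 1
    printf '%s' "$SAMPLE_NOT_CACHED" | is_cached_on_rodc && return 1
    return 0
}
```

Before preloading anything, decide whether the account should be allowed on the RODC at all: the RWDC will only hand out secrets for accounts the RODC's password replication policy permits, and every account you preload is one more set of credentials stored at the less-trusted site.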