
[Samba] Issues with RODC


Recently I started using RODC servers in my environment and noticed a few
issues with them:
- lack of LDAP SPNs
- "samba_dnsupdate" not working with "insufficient access rights" (it works
from RWDCs)
- "samba-tool dbcheck" changes instancetype of basically all objects from 4
to 0. New replicated objects continue to be created with instancetype 4
and dbcheck continues to change them
- "samba-tool drs showrepl" exiting with WERR_DS_DRA_ACCESS_DENIED
- "samba-tool domain tombstones expunge" is unable to expunge expired
deleted objects

My setup:
- CentOS 7.6
- Samba 4.10.2 by Sernet
- Bind 9.9
- PDC using BIND_DLZ
- RODCs using BIND native replication

I've fixed DNS and SPN records manually.

Thank you,
Emerson Kfuri <emersonkfuri@xxxxxxxxx>
PGP Key ID: 333CF069