Re: [Samba] Issues with RODC

On Mon, 6 May 2019 08:42:03 +0200
Adam Minski <aminski316@xxxxxxxxx> wrote:

> Good Morning.
> I've tested RODC functionality using samba-4.9.4 and 
> samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds use
> the internal Heimdal KDC and the internal DNS backend.
> For me there's no lack of LDAP SPNs and samba_dnsupdate works as 
> expected, except the GC SRV entry isn't created. But this seems
> intended (why?), look at source4/scripting/bin/samba_dnsupdate line
> 699.

From my understanding, samba_dnsupdate cannot write to an RODC, so it
must be forwarding the changes to an RWDC. As for why an RODC is not a
GC, ask Microsoft, as this is the default for RODCs.

> You must configure a DNS forwarder to get it working.

Oh yes, DNS must work.

> In the Windows world DNS records of RODCs are added automatically.

Then, Samba should do this.


