
Re: [Samba] Issues with RODC






On 05/06/2019 08:59 AM, Rowland Penny via samba wrote:
On Mon, 6 May 2019 08:42:03 +0200
Adam Minski <aminski316@xxxxxxxxx> wrote:



Good Morning.

I've tested RODC functionality using samba-4.9.4 and
samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds use
the internal Heimdal KDC and the internal DNS backend.

For me there's no lack of LDAP SPNs and samba_dnsupdate works as
expected, except the GC SRV entry isn't created. But this seems
intended (why?), look at source4/scripting/bin/samba_dnsupdate line
699.

From my understanding, samba_dnsupdate cannot write to an RODC, so it
must be forwarding the changes to an RWDC.

It does if forwarders are configured.

As for why is an RODC not a
GC, ask Microsoft, as this is the default for RODCs.

GC records are created for MS RODCs, for Samba RODCs too if you comment the block around 699.

Adam



You must configure a dns forwarder to get it working.

Oh yes, dns must work.

In the Windows world DNS records of RODCs are added automatically.

Then, Samba should do this.

Rowland


