Re: [Samba] Issues with RODC
- Date: Mon, 6 May 2019 09:09:39 +0200
- From: Adam Minski via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Issues with RODC
On 05/06/2019 08:59 AM, Rowland Penny via samba wrote:
On Mon, 6 May 2019 08:42:03 +0200
Adam Minski <aminski316@xxxxxxxxx> wrote:
I've tested RODC functionality using samba-4.9.4 and
samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds using
the internal Heimdal KDC and the internal DNS backend.
For me there's no lack of LDAP SPNs and samba_dnsupdate works as
expected, except the GC SRV entry isn't created. But this seems
intended (why?), look at source4/scripting/bin/samba_dnsupdate line
From my understanding, samba_dnsupdate cannot write to an RODC, so it
must be forwarding the changes to an RWDC.
It does if forwarders are configured.
As for why is an RODC not a
GC, ask Microsoft, as this is the default for RODC's.
GC records are created for MS RODSs, for Samba RODCs too if you comment
the block around 699.
You must configure dns forwarder to get it working.
Oh yes, dns must work.
In the Windows world DNS records of RODCs are added automatically.
Then, Samba should do this.
To unsubscribe from this list go to the following URL and read the