[cifs-protocol] 114082011718474 When creating a subdomain, who fills in hasPartialReplicaNCs?
srenaden at microsoft.com
Wed Aug 20 08:28:08 MDT 2014
Casemail in Cc
Dochelp in Bcc
Hello Andrew Bartlett,
Thank you for your inquiry about Active Directory protocols. We have created incident 114082011718474 to track the investigation for this issue. One of the Open specifications team member will contact you shortly.
Microsoft Windows Open Specifications
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, August 19, 2014 11:12 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: When creating a subdomain, who fills in hasPartialReplicaNCs?
I've got Samba to the point where Samba can be a subdomain to a windows AD domain, something we have been working on for a number of years.
As context, we did some work on this at a number of previous plugfest events, and this work has been mostly to re-animate this effort, and to make it useful to end users, by having it also work for NTLM authentication.
I've got to the point where Samba and windows both seem to think they are in a trusted domain situation, and Samba can authenticate with an account from the Windows parent domain using both NTLM and Kerberos.
Next, I need to replicate the Samba domain
(sub.ad.ruth.wgtn.cat-it.co.nz) to the AD domain (ad.ruth.wgtn.cat-it.co.nz), and vice-verca, because the both DCs should be a GC. How do I instigate that?
"MS-ATDS 126.96.36.199.4 DC and Partial Replica NCs Replicas" describes the end state, and it seems Windows (perhaps after a time) replicates in the Samba state, but what causes the initial replication and the update of hasPartialReplicaNCs and msDS-HasInstantiatedNCs?
I note that this was partially answered in 112062456011515 here:
However, I'm still a little unclear on what I should be doing to trigger this on the Samba side of things.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol