[cifs-protocol] 114082011718474 When creating a subdomain, who fills in hasPartialReplicaNCs?

Sreekanth Nadendla srenaden at microsoft.com
Wed Aug 20 08:28:08 MDT 2014 

Casemail in Cc
Dochelp in Bcc

Hello Andrew Bartlett,
                                       Thank you for your inquiry about Active Directory protocols. We have created incident 114082011718474 to track the investigation for this issue. One of the Open specifications team member will contact you shortly.


Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, August 19, 2014 11:12 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org
Subject: When creating a subdomain, who fills in hasPartialReplicaNCs?

I've got Samba to the point where Samba can be a subdomain to a windows AD domain, something we have been working on for a number of years.

As context, we did some work on this at a number of previous plugfest events, and this work has been mostly to re-animate this effort, and to make it useful to end users, by having it also work for NTLM authentication.  

I've got to the point where Samba and windows both seem to think they are in a trusted domain situation, and Samba can authenticate with an account from the Windows parent domain using both NTLM and Kerberos.

Next, I need to replicate the Samba domain
(sub.ad.ruth.wgtn.cat-it.co.nz) to the AD domain (ad.ruth.wgtn.cat-it.co.nz), and vice-verca, because the both DCs should be a GC.  How do I instigate that?  

"MS-ATDS 6.1.2.3.4 DC and Partial Replica NCs Replicas" describes the end state, and it seems Windows (perhaps after a time) replicates in the Samba state, but what causes the initial replication and the update of hasPartialReplicaNCs and msDS-HasInstantiatedNCs?

I note that this was partially answered in 112062456011515 here:
https://lists.samba.org/archive/cifs-protocol/2012-July/002344.html

However, I'm still a little unclear on what I should be doing to trigger this on the Samba side of things.

Thanks,

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the cifs-protocol mailing list