RODC and the samba_kcc code

Andrew Bartlett abartlet at
Tue Jul 29 04:22:09 MDT 2014

On Tue, 2014-07-29 at 12:19 +0200, Stefan (metze) Metzmacher wrote:
> Am 29.07.2014 12:16, schrieb Andrew Bartlett:

> > I've been working with Garming to get wintest up and going again, and a
> > successful wintest run would be part of my criteria, so we know we
> > didn't break something subtle.  We already found other subtle and
> > unexpected breakages, such as the python samba_kcc breaking RODC
> > support, for example.
> Is it related to ?

It seems it is up to the KCC to set the SPECIAL_SECRETS_PROCESSING mode
in the repsFrom, and the samba_kcc has no such code, while the old
implementation does check an is_rodc flag.  

That said, the other bugs probably don't help either.

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list