Working with Read Only Domain Controllers (RODC).

Hemanth Thummala hemanth.thummala at gmail.com
Wed Jan 14 11:47:21 MST 2015


Volker,

I am not sure if I understood your question correctly.

I believe we do not read (at least in the 3.6.12 version) the DC
properties (read-only/writable) during net join. If we choose (with auto
discovery) an RODC during net join, it is going to fail with a
STATUS_NOT_SUPPORTED error as we attempt to create the computer (member server)
object on the RODC, which is not permitted.

If we contact a writable DC, we found that adding the computer account to the
"Allowed RODC password replication" group is mandatory. Without that,
winbindd trust secret checks were failing.

Thanks,
Hemanth.

On Tue, Jan 13, 2015 at 11:29 PM, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:

> On Tue, Jan 13, 2015 at 04:35:54PM -0800, Hemanth Thummala wrote:
> > Hi,
> >
> > We are currently using the samba 3.6.12 stack and use Windows Active
> > Directory for authentication.
> >
> > While working with RODCs, we have learned that we need to perform some
> > manual steps in order to communicate with Read Only DCs consistently.
> >
> > Basically we found people start working with RODCs in two ways.
>
> Thanks for that intro!
>
> My question would be: Can't we make this transparent in net
> join?
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
>
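As an added example that is not part of this thread, the following PowerShell (run from a machine with the RSAT ActiveDirectory module against a writable DC) performs the two checks the discussion above implies: which DCs are read-only, so they can be avoided when joining, and whether the Samba member server's computer account is in the "Allowed RODC Password Replication Group" and has actually had its secret cached on the RODC. The names SAMBAHOST and RODC01 are placeholders.

```powershell
# Added example: verify RODC-related prerequisites for a Samba member server.
# Assumptions: RSAT ActiveDirectory module is installed; $memberName and
# $rodcName are placeholders for the real computer names.
Import-Module ActiveDirectory

$memberName = 'SAMBAHOST'   # placeholder: NetBIOS name of the Samba member server
$rodcName   = 'RODC01'      # placeholder: the read-only domain controller
$prpGroup   = 'Allowed RODC Password Replication Group'

# 1. List read-only DCs so the join is pointed at a writable one instead.
$rodcs = Get-ADDomainController -Filter { IsReadOnly -eq $true } |
         Select-Object -ExpandProperty HostName
Write-Output "Read-only DCs (do not use these for the join): $($rodcs -join ', ')"

# 2. Is the member server's computer account allowed to replicate to RODCs?
$computer = Get-ADComputer -Identity $memberName
$allowed  = Get-ADGroupMember -Identity $prpGroup -Recursive |
            Select-Object -ExpandProperty DistinguishedName

if ($allowed -notcontains $computer.DistinguishedName) {
    Write-Warning "$memberName is not in '$prpGroup'; winbindd trust secret checks via $rodcName will fail."
    # Remediation, requires rights to modify the group on a writable DC:
    # Add-ADGroupMember -Identity $prpGroup -Members $computer
} else {
    Write-Output "$memberName is a member of '$prpGroup'."
}

# 3. Has the RODC already cached the account's secret?
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodcName -RevealedAccounts |
            Select-Object -ExpandProperty DistinguishedName

if ($revealed -contains $computer.DistinguishedName) {
    Write-Output "$rodcName has cached the secret for $memberName."
} else {
    Write-Output "$rodcName has not cached the secret for $memberName yet (it is cached on first authentication against the RODC)."
}
```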

