[Samba] Can SAMBA work with 2008 R2 Read Only Domain controller

hagai yaffe hagaiy at yahoo.com
Sun Jun 6 09:12:42 MDT 2010

We are planing to utilize Microsoft 2008 R2 Read Only Domain controller, and deploy RODC's in branches. 
If I would like to have SAMBA servers in those branches, will I be able to add them to the domain (using "net ads join") and work with them, when using the RODC's as domain controllers configured in my smb.conf & krb5.conf?
I have looked around and did not find any documentation for SAMBA supporting / not supporting this. 
I have done some testing and failed (I got "Failed to join domain: failed to connect to AD: Decrypt integrity check failed Ok" from the "net ads join" command), before investing more time in troubleshooting I hoped that someone could assist and tell me if such a configuration is possible.
If this is not possible, it would be great to know why.
Best Regards,


More information about the samba mailing list