[Samba] Can SAMBA work with 2008 R2 Read Only Domain controller

hagai yaffe hagaiy at yahoo.com
Mon Jun 7 00:13:23 MDT 2010

I am sorry, I was not clear enough.
I am not planing to add the SAMBA server to the domain as a Domain Controller, I would like to add it to the domain as a domain member.
How ever, when I try to join the domain when pointing my SAMBA machine to a Microsoft Read Only domain Controller I fail with the error I have mentioned (when pointing to a normal Domain Controller this work, how ever in the planned implementation I might have access only to Microsoft RODC's for joining the domain).  
Should this work?
Best Regards,

--- On Sun, 6/6/10, hagai yaffe <hagaiy at yahoo.com> wrote:

From: hagai yaffe <hagaiy at yahoo.com>
Subject: Can SAMBA work with 2008 R2 Read Only Domain controller
To: samba at lists.samba.org
Date: Sunday, June 6, 2010, 6:12 PM

We are planing to utilize Microsoft 2008 R2 Read Only Domain controller, and deploy RODC's in branches. 
If I would like to have SAMBA servers in those branches, will I be able to add them to the domain (using "net ads join") and work with them, when using the RODC's as domain controllers configured in my smb.conf & krb5.conf?
I have looked around and did not find any documentation for SAMBA supporting / not supporting this. 
I have done some testing and failed (I got "Failed to join domain: failed to connect to AD: Decrypt integrity check failed Ok" from the "net ads join" command), before investing more time in troubleshooting I hoped that someone could assist and tell me if such a configuration is possible.
If this is not possible, it would be great to know why.
Best Regards,


More information about the samba mailing list