[Samba] RODC between samba v4 servers

Andreas Calvo flipy.bcn at gmail.com
Thu Jul 25 08:33:08 MDT 2013

I'm preparing a lab to test the scenario in which a remote office uses a
RODC to cache all users/computers/GPOs from a DC.
I've set up a environment with all requirements (two subnets, one with a DC
and the other with a RODC).
I've joined the domain with a windows machine to the RODC subnet with both
DCs being up.

Using the windows tools (DSA), I've placed a user account and the machine
account inside the Allowed password replication group.

I've switched off the master DC, and tried to login with the cached user in
the cached computer, but it failed.

I've preloaded (samba-tool rodc preload) both the user account and the
machine account in the RODC, without luck.

I've a couple of questions:
- Does samba 4.0.7 supports caching passwords for users?
- What is the preload command for? Caching of passwords?

The following link (
talks about setting up the Next Closest DC in the network in the DC
settings to allow RODCs to be trusted, should this be performed as well?
Or is it enough to set it up as a GPO?

More information about the samba mailing list