[Samba] Do _kpasswd DNS entries determine server used for pasword changes

Thomas Schulz schulz at adi.com
Thu Mar 20 10:10:44 MDT 2014

I am trying to do something apparently unsupported in trying to use
Samba 4.1.6 as an additional Active Directory Domain Controller with
a Windows Server 2000 controller. I find that inbound replication works
but outbound replication does not. Also DNS replication is not supported
(this was noted during provisioning). In an effort to get outbound
replication working, I manually entered all of the DNS records into
the Windows 2000 server. This did not fix the outbound replication.

My worry now is that someone may change their password and that the
change will go to the Samba 4.1.6 DC. If that happens, the change will
not be replicated back to the Windows 2000 DC. If the _kpasswd DNS entries
determine which servers can be used for password changes then I think that
I could fix this problem by just removing the _kpasswd DNS entries. Does
anyone know if that will be enough?

Tom Schulz
Applied Dynamics Intl.
schulz at adi.com

More information about the samba mailing list