[Samba] RODC status (was: Re: Migration of 2 samba3 PDC+OpenLDAP in one new Samba4 AD)

Denis Cardon denis.cardon at tranquil-it-systems.fr
Thu Apr 16 02:12:04 MDT 2015


Hi Marc,

> On 09.04.2015 at 15:37, Denis Cardon wrote:
>> could you please develop on that RODC support? I am very curious to know
>> what should be working and what should not.
>>
>> Actually I've been using RODC with partial success: RODC join, user and
>> machine account preload (with corresponding patch), DNS update through
>> netlogon service on RWDC, connection when RWDC is disconnected. It has
>> been running in production in our datacenter for webapp authentication
>> for months, albeit with some hiccups. It has never been completely fine
>> from a stability and reproducibility point of view, and I switched it
>> back to RWDC earlier this week....
>
> Do you need a real AD RODC for that case? Or do your services just need
> to retrieve information via LDAP from AD? In the last case, you can
> set up an openLDAP proxy with read-only access:
>
> https://wiki.samba.org/index.php/Authenticating_other_services_against_AD#openLDAP_proxy_to_AD

Thanks for your answer.

My question was not about setting up an LDAP proxy, but validating a working
scenario for an RODC server in the long run. From earlier discussion it
looks like it should work [1]. I'd like to know from your own
experience what makes you say that it doesn't:

 >>> RODC support isn't completely working yet. You shouldn't use it atm.

Thanks,

Denis

[1] https://lists.samba.org/archive/samba/2015-February/189011.html

>
>
>
> Regards,
> Marc
>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr


