[Samba] RODC status (was: Re: Migration of 2 samba3 PDC+OpenLDAP in one new Samba4 AD)

Denis Cardon denis.cardon at tranquil-it-systems.fr
Thu Apr 16 02:12:04 MDT 2015

Hi Marc,

> Am 09.04.2015 um 15:37 schrieb Denis Cardon:
>> could you please develop on that RODC support? I am very curious to know
>> what should be working and what should not.
>> Actually I've been using RODC with partial success: RODC join, user and
>> machine account preload (with corresponding patch), dns update throught
>> netlogon service on RWDC, connexion when RWDC is disconnected. It has
>> been running in production in our datacenter for webapp authentication
>> for months, albeit with some hicups. I has never been completly fine
>> from a stability and reproductibility point of view, and I switched it
>> back to RWDC earlier this week....
> Do you need a real AD RODC for that case? Or do your services just need
> to retrieve information via LDAP from AD? In the last case, you can
> setup an openLDAP proxy with read-only access:
> https://wiki.samba.org/index.php/Authenticating_other_services_against_AD#openLDAP_proxy_to_AD

thanks for your answer.

my question was not about setting a ldap proxy, but validating a working 
scenario for an RODC server on the long run. From earlier discussion it 
looks like it should works [1]. I'd like to know from your own 
experience what make you say that it doesn't ?:

 >>> RODC support isn't completely working yet. You shouldn't use it atm.



[1] https://lists.samba.org/archive/samba/2015-February/189011.html

> Regards,
> Marc

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)

More information about the samba mailing list