[Samba] Samba4 - RODC - Credentials caching

Andrew Bartlett abartlet at samba.org
Fri May 15 23:05:50 MDT 2015

On Fri, 2015-05-15 at 14:38 +0200, Mikołaj Liberski wrote:
> I looked all over the place, and cannot find current answer.
> I want to store passwords/password hashes on my RODC, so that when my DC
> (Windows) fails, my users can still connect using RODC.
> The current state that is described (by 3 years old docs) says its WIP, so
> I'm not sure what to expect?

It will appear to work in some situations, but I'm not confident, for
example, that if you change a user's password, that we will correctly
see that on the RODC.  Also, preload due to a bad/missing Kerberos
password isn't implemented. 

I'm sure some of our users are bold, and perhaps they have a real-world
experience, but I would like to see it backed by significantly more
tests before it was used in production. 

> Also, in documentation there is no option, to allow for preloading whole
> group of users, is that correct? The only possible way is to preload 1 user
> at a time? (Only if the previous answer is "yes" ofc)

Yes, preloading is something you will have to do per-user.  

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list