[Samba] Samba4 - RODC - Credentials caching
abartlet at samba.org
Fri May 15 23:05:50 MDT 2015
On Fri, 2015-05-15 at 14:38 +0200, Mikołaj Liberski wrote:
> I looked all over the place, and cannot find current answer.
> I want to store passwords/password hashes on my RODC, so that when my DC
> (Windows) fails, my users can still connect using RODC.
> The current state that is described (by 3 years old docs) says its WIP, so
> I'm not sure what to expect?
It will appear to work in some situations, but I'm not confident, for
example, that if you change a user's password, that we will correctly
see that on the RODC. Also, preload due to a bad/missing Kerberos
password isn't implemented.
I'm sure some of our users are bold, and perhaps they have a real-world
experience, but I would like to see it backed by significantly more
tests before it was used in production.
> Also, in documentation there is no option, to allow for preloading whole
> group of users, is that correct? The only possible way is to preload 1 user
> at a time? (Only if the previous answer is "yes" ofc)
Yes, preloading is something you will have to do per-user.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba