[Samba] RODC and LDAP via Simple Authentication fails

Andrew Bartlett abartlet at samba.org
Mon Jan 22 20:08:57 UTC 2018

On Mon, 2018-01-22 at 20:56 +0100, Johannes Engel via samba wrote:
> Hi Andrew,
> I am deeply impressed by your speed! :D
> The RODC is actually Samba 4.7.4, the other DCs are still on 4.6.12.
> Any suggestion how I can debug this w/o setting everything on level 10? ;)

Just turn up the logs one level at a time until something comes out.  

Upgrading the other DCs to 4.7 (carefully, per my other mail) might
help, as it would then match what our tests do, but I can't think of
how exactly.  

In the long run it will ensure that the bad password count and lockout
is correctly handled. 

Samba 4.8 will make this a little easier to debug because 'auth' is now
accepted as a debug class in the AD DC, so you can see those logs more
specifically with something like 'log level = 3 auth:5 winbind:5'.

I hope this helps,

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list