[Samba] Samba 4.8 RODC not working

[Gaetan SLONGO]

Hi Rowaland, 


I read the doc. 
The reason is the usual one. We need authentication inside the DMZ zone and do not want any modification from this zone. We also need a fileserver into this zone where corporate users can log-in. We are asked to keep the solution simple, easy to understand an maintain. I can force authentication to this DC instead of choosing the DC "randomly". 


So, do you see better solution than RODC ? 


Thanks ! 

----- Mail original -----

De: "Rowland Penny via samba" <samba at lists.samba.org> 
À: samba at lists.samba.org 
Envoyé: Mercredi 13 Juin 2018 13:18:15 
Objet : Re: [Samba] Samba 4.8 RODC not working 

On Wed, 13 Jun 2018 12:28:23 +0200 (CEST) 
Gaetan SLONGO <gslongo at it-optics.com> wrote: 

> Hi Rowland, 
> 
> 
> I have no homes share. As far as I know I should not have that share 
> on a DC ..? 

Then don't worry about it, I was just checking if you had one. 

> 
> 
> Regarding the security consideration for a DMZ zone, what do you 
> suggest instead of putting a RODC in it ? 

The real question is, why do you want to put your AD into a DMZ ? 
I suggest you read this: 

https://www.linkedin.com/pulse/active-directory-dmz-nuts-marcus-rivera 

> 
> Note : Yes I can ping DC, there is no routing / firewalling issue 
> (validated). 

Then I fall back to, you need more help than this list can provide, 
contact Sernet or Tranquil IT or anybody who knows Linux and Samba and 
can spend time (and your money) on this problem. 

Rowland 

-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 



-- 




www.it-optics.com 
	
Gaëtan SLONGO | Head of Infrastructure Department 
Boulevard Initialis, 28 - 7000 Mons, BELGIUM 
Company : 	+32 (0)65 84 23 85 
Direct : 	+32 (0)65 32 85 88 
Fax : 	+32 (0)65 84 66 76 
Skype ID : 	gslongo.pro 
GPG Key : 	gslongo-gpg_key.asc 
	

- Please consider your environmental responsibility before printing this e-mail -