[Samba] AD RODC not being used because of missing DNS entries?

Julien Ropé jrope at linagora.com
Mon Nov 12 13:59:16 UTC 2018


----- Original Message -----
>
> Hi,
>
> Sorry for replying too late, I did not notice until now that there was a follow-up to the mail conversation.
>
Thank you for taking the time to answer - I appreciate it.



> [SNIP]
> The command I used first:
>
>     # samba-tool dns add DC1 ad.example.nl _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 88 0 100'
>
> is syntactically correct, but it inserts a wrong entry in the wrong zone.
>
> It should be done, as in my second try after Rowland pointed it out to me, like this:
>
>     # samba-tool dns add DC1 _msdcs.ad.example.nl _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 389 0 100'
>
> Notice the different zone "_msdcs.ad.example.nl". I had the same problem with the _ldap entry.
>
> The first (wrong) command created a wrong entry that confused everything, and me in particular.
> I don't think that (or know if) this has anything to do with your problem, but it did solve mine.

Yes, it helps: it probably explains some of the confusion while 
troubleshooting.

Again, thanks for your time.


At this point, I have to say that my client is reverting his deployment 
of Samba as a RODC - this issue on one side, and the authentication 
limitation on the other (see another thread about password updates on 
RODC) make them cautious.

The release notes seem to show that this feature is ready, now it seems 
there are still some roadblocks for end users in production environments.


Is there any assessment of missing features and/or blocking bugs for 
Samba as an RODC (apart from the two already mentioned)? Any roadmap 
related to it?

I found the following TODO related to the RODC feature, but I don't 
think it's up to date? 
https://wiki.samba.org/index.php/Samba4/DRS_TODO_List#Support_RODC


I'd like to collect as many details as possible to clarify expectations 
with users, and maybe help close the gap by contributing documentation 
and/or code where possible.


Regards,

Julien
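
The zone mix-up described in the quoted message, as an added example that is not part of the original mail or of Samba: a shell check that finds which zone owns a record name (the longest label-aligned suffix match) before the zone is passed to `samba-tool dns add`. The zone list is constructed sample data using the two zones named in the thread; `norm`, `owning_zone` and `check_zone` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample data: the two zones named in the thread.
ZONES="ad.example.nl _msdcs.ad.example.nl"

# norm NAME -> lowercase, with one trailing dot removed
norm() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# owning_zone NAME ZONE... -> prints the most specific zone that contains
# NAME (longest suffix match on whole labels); returns 1 if none does.
owning_zone() {
    name=$(norm "$1"); shift
    best=""
    for z in "$@"; do
        z=$(norm "$z")
        case "$name" in
            "$z"|*".$z")
                # a longer matching zone is a more specific (delegated) zone
                if [ "${#z}" -gt "${#best}" ]; then best=$z; fi ;;
        esac
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# check_zone NAME INTENDED_ZONE ZONE... -> 0 only if INTENDED_ZONE owns NAME
check_zone() {
    rec=$1; intended=$(norm "$2"); shift 2
    owner=$(owning_zone "$rec" "$@") || {
        echo "no listed zone contains $rec" >&2; return 2; }
    if [ "$owner" != "$intended" ]; then
        echo "WRONG ZONE: $rec belongs in $owner, not $intended" >&2
        return 1
    fi
    echo "ok: $rec -> $owner"
}

# Demo with the record name from the thread, checked against both zones.
REC=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl
check_zone "$REC" ad.example.nl $ZONES || true
check_zone "$REC" _msdcs.ad.example.nl $ZONES || true
```
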

