[Samba] Is RODC password replication different from the windows version by design or is it a bug?

Adam Minski aminski316 at gmail.com
Fri Mar 29 09:16:25 UTC 2019

On 03/28/2019 05:32 PM, Rowland Penny via samba wrote:


>> Should the samba RDOC act like the windows version or is it different
>> by design?
> Yes it should and there is a bug report for something similar already,
> see here: https://bugzilla.samba.org/show_bug.cgi?id=13377
> I know that is for members of the denied group, but the substance is
> the same, users are not getting authenticated on a RODC from a RWDC.
> Can you please add to that bug report ?
> Rowland

Thanks Rowland, that's exactly the topic. Garming Sam has commented it 
yesterday, the issue is that kerberos forwarding isn't implemented for 
now. That is exactly what wee seeing, authentication works __after__ 
(from the second attempt on) the initial password sync is done, the 
first attempt isn't proxied.


More information about the samba mailing list