[Samba] Issues with RODC

Emerson Kfuri emersonkfuri at gmail.com
Sun May 5 12:20:37 UTC 2019


Recently I started using RODC servers on my environment and noticed a few
issues with it:
- lack of LDAP SPNs
- "samba_dnsupdate" not working with "insufficient access rights" (it works
from RWDCs)
- "samba-tool dbcheck" changes instancetype of basically all objects from 4
to 0. New replicated objects continues being created with instancetype 4
and dbcheck continues to change them
- "samba-tool drs showrepl" exiting with WERR_DS_DRA_ACCESS_DENIED
- "samba-tool domain tombstones expunge" is unable to expunge expired
deleted objects

My setup:
- CentOS 7.6
- Samba 4.10.2 by Sernet
- Bind 9.9
- PDC using BIND_DLZ
- RODCs using BIND native replication

I've fixed DNS and SPN records manually.

Thank you,
Emerson Kfuri <emersonkfuri at gmail.com>
PGP Key ID: 333CF069

More information about the samba mailing list