[Samba] Issues with RODC
aminski316 at gmail.com
Mon May 6 06:42:03 UTC 2019
On 05/05/2019 05:14 PM, Emerson Kfuri via samba wrote:
> Hi Rowland,
> Thanks for your answer, especially on a Sunday! :-)
> On Sun, May 5, 2019 at 11:31 AM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>> On Sun, 5 May 2019 10:13:07 -0300
>> Emerson Kfuri <emersonkfuri at gmail.com> wrote:
>>> On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba <
>>> samba at lists.samba.org> wrote:
>>>> On Sun, 5 May 2019 09:20:37 -0300
>>>> Emerson Kfuri via samba <samba at lists.samba.org> wrote:
>>>>> Recently I started using RODC servers on my environment and
>>>>> noticed a few issues with it:
>>>>> - lack of LDAP SPNs
>>>>> - "samba_dnsupdate" not working with "insufficient access
>>>>> rights" (it works from RWDCs)
>>>> Probably because you cannot write to an RODC
>>> Yes! That's the idea! But if these records are not automatically
>>> registered, it means the admin always has to add them manually. This
>>> should be documented so...
>> In the Samba world, working RODCs are relatively new, so things like
>> this are still being found.
> Yeah! My intent is just to point out my experience with it. It is my first
> time with RODC too. :-)
> I don't know how it works on Windows. Do you know if, on a Windows Server,
> DNS records of RODCs are added automatically or manually?
> But at least for now, I think manual registration should be documented so
> RODCs can function properly, right?
I've tested RODC functionality using samba-4.9.4 and
samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds use the
internal Heimdal KDC and the internal DNS backend.
For me there's no lack of LDAP SPNs and samba_dnsupdate works as
expected, except the GC SRV entry isn't created. But this seems intended
(why?); look at source4/scripting/bin/samba_dnsupdate line 699.
You must configure a DNS forwarder to get it working.
In the Windows world DNS records of RODCs are added automatically.