[Samba] Issues with RODC
aminski316 at gmail.com
Mon May 6 07:09:39 UTC 2019
On 05/06/2019 08:59 AM, Rowland Penny via samba wrote:
> On Mon, 6 May 2019 08:42:03 +0200
> Adam Minski <aminski316 at gmail.com> wrote:
>> Good Morning.
>> I've tested RODC functionality using samba-4.9.4 and
>> samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds use
>> the internal Heimdal KDC and the internal DNS backend.
>> For me there's no lack of LDAP SPNs and samba_dnsupdate works as
>> expected, except the GC SRV entry isn't created. But this seems
>> intended (why?), look at source4/scripting/bin/samba_dnsupdate line
> From my understanding, samba_dnsupdate cannot write to an RODC, so it
> must be forwarding the changes to an RWDC.
It does if forwarders are configured.
> As for why is an RODC not a
> GC, ask Microsoft, as this is the default for RODCs.
GC records are created for MS RODCs, for Samba RODCs too if you comment
the block around 699.
>> You must configure dns forwarder to get it working.
> Oh yes, dns must work.
>> In the Windows world DNS records of RODCs are added automatically.
> Then, Samba should do this.