[Samba] Issues with RODC

Adam Minski aminski316 at gmail.com
Mon May 6 07:09:39 UTC 2019



On 05/06/2019 08:59 AM, Rowland Penny via samba wrote:
> On Mon, 6 May 2019 08:42:03 +0200
> Adam Minski <aminski316 at gmail.com> wrote:
> 
> 
>>
>> Good Morning.
>>
>> I've tested RODC functionality using samba-4.9.4 and
>> samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds use
>> the internal Heimdal KDC and the internal DNS backend.
>>
>> For me there's no lack of LDAP SPNs and samba_dnsupdate works as
>> expected, except the GC SRV entry isn't created. But this seems
>> intended (why?), look at source4/scripting/bin/samba_dnsupdate line
>> 699.
> 
> From my understanding, samba_dnsupdate cannot write to an RODC, so it
> must be forwarding the changes to an RWDC.

It does if forwarders are configured.

> As for why is an RODC not a
> GC, ask Microsoft, as this is the default for RODC's.

GC records are created for MS RODCs, for Samba RODCs too if you comment 
the block around 699.

Adam

> 
>>
>> You must configure dns forwarder to get it working.
> 
> Oh yes, dns must work.
> 
>> In the Windows world DNS records of RODCs are added automatically.
> 
> Then, Samba should do this.
> 
> Rowland
> 
> 


