[Samba] Cannot authenticate via rodc

Adam Xu adam_xu at adagene.com.cn
Thu Jan 14 09:41:09 UTC 2021

Hello everybody

I found a strange behavior when I authenticate via RODC.

Suppose there is a user tom. I preload his credentials via:

samba-tool rodc preload tom --server=dc1 -Uadministrator

Then I changed tom's password in the AD Users and Computers tool.

I do the following steps:

1. I try to log in to a firewall which uses the RODC as an LDAP server. I got an error.

2. When I try to log in to a Windows domain member with tom's credentials, it
succeeded, and I got "NT_STATUS_OK" in the JSON audit log.

3. I try to log in to the firewall again. This time, I succeeded.

It seems that if the device is not a Windows domain member, it cannot
authenticate if the password was changed. Why?
