[Samba] Cannot authenticate via rodc
adam_xu at adagene.com.cn
Thu Jan 14 09:41:09 UTC 2021
I found a strange behavior when I authenticate via RODC.
Suppose there is a user tom. I preload his credential via:
samba-tool rodc preload tom --server=dc1 -Uadministrator
then I changed tom's password in AD Users and Computers tool.
I do the following step:
1、I try to login a firewall which use rodc as a ldap server. I got error
"NT_STATUS_REQUEST_NOT_ACCEPTED" in json audit log.
2、when I try to login a windows domain member via tom's credentia. It
successed. and I got "NT_STATUS_OK" in json audit log.
3、I try to login the firewall again. this time, I successed.
It seems that if the device is not a windows domain member, it can not
authenticated if the password was changed. Why?
More information about the samba