[Samba] R: samba remote site client authentication and network browsing problem
Rowland Penny
rpenny at samba.org
Mon Dec 30 17:03:20 UTC 2024
On Mon, 30 Dec 2024 16:07:31 +0000
Manzini Enrico via samba <samba at lists.samba.org> wrote:
> Hi Rowland
> We actually use RODC's because we have a customer with hub and spoke
> configuration with 4 RWDC's in the central site, and about 80 remote
> sites with RODC's deployed, all of these with low hardware security,
> sites where the machine can physically be stolen,
Well, as I said, from my point of view, that is the only valid reason
to deploy an RODC.
> so we opted to
> use RODC's machines at the remote sites. The connectivity and DNS
> resolution both work fine, whether the DC used as RODC
> replication partner is online or offline. We reproduce the customer
> configuration in an internal lab and:
> - Linux based deployment works only if the server used as
> replication partner during the RODC domain join is online; after that,
> if it is offline, the problem we explained before arises
That is something I think you need to explain a bit better, joining an
RODC is no different to joining an RWDC and you do not need to specify a
replication partner for either, Samba should find the 'best' DC to join
and replicate from.
>
> We also test a remote RWDC environment, and:
> - with the remote server configured as RWDC and not as RODC, the
> problem did not arise
That is because an RWDC will have all the AD records and can supply
these without contacting another DC, an RODC needs to 'talk' to an RWDC
to get some, if not all the required AD records, which they then
'cache'.
>
> We also test a pure windows environment from scratch and:
> - windows based deployment works fine in both cases
>
If that is the case, then I suggest you get level 10 logs and wire
traces and open a Samba bug report, a Samba AD computer should do what
a Windows one can (but be aware, Samba not doing something can be down
to lack of code to do it and you may have to wait until that code
does get created).
Rowland