[Samba] R: R: samba remote site client authentication and network browsing problem

Rowland Penny rpenny at samba.org
Tue Dec 31 10:36:51 UTC 2024


On Tue, 31 Dec 2024 09:42:05 +0000
Manzini Enrico via samba <samba at lists.samba.org> wrote:

> Ok, but why, if I browse the network from the client with the remote
> rodc and the rwdc used as replication partner for rodc join online,
> everything works as expected, but if I shut down the rwdc used as rodc
> join replication partner, the client does not work anymore?
> 

Possibly because the RODC is hard wired to use its replication partner
for passwords?
Is DNS set up correctly?

> The join command for the remote rodc RODC-1 is:
> samba-tool domain join scratch.lan RODC --server=dc-1.scratch.lan --realm=SCRATCH.LAN --site=REMOTE --option='idmap_ldb:use rfc2307 = yes' -U administrator -W SCRATCH
> 

You shouldn't have to use '--server=' to join, Samba should find the
best DC to use. Once the RODC is joined, it should use itself as its
first nameserver.

> The situation is as follows (client rebooted):
> RODC-1 and DC-1 online:
> Client can browse network as expected, for example it can parse DC-2
> (the second dc in the central site) shares (netlogon and sysvol) in
> single sign on
> RODC-1 shell:
> 'samba-tool drs replicate rodc-1 dc-1 dc=scratch,dc=lan -U administrator' works fine
> 'samba-tool drs replicate rodc-1 dc-2 dc=scratch,dc=lan -U administrator' works fine
> 
> RODC-1 online and DC-1 offline:
> Client does not work anymore, and cannot parse DC-2 shares

Is the client using the RODC as its nameserver?

> RODC-1 shell:
> 'samba-tool drs replicate rodc-1 dc-2 dc=scratch,dc=lan -U administrator' does not work anymore
> 

If the link is up and dns is correct, it should be able to replicate.

> ADDITIONAL INFORMATION
> We also made a specular test with a pure Microsoft Windows
> infrastructure (2 DCs in a central site, and a remote site's rodc),
> and the problem did not arise
> 

If you are sure that your dns is correct and the only difference is
that Windows works and Samba doesn't, then I suggest you file a bug
report.

Rowland


