[Samba] R: R: R: R: samba remote site client authentication and network browsing problem

Manzini Enrico emanzini at zensistemi.com
Fri Jan 3 08:29:59 UTC 2025 

Hi Rowland, below, the servers and the remote client dns configuration

Server's dns configuration:
DC-1:
 - themself
 - DC-2

DC-2
 - themself
 - DC-1

RODC-1
 - DC-1
 - DC-2
 - themself

REMOTE-CLIENT
 - directly point as dns to the RODC-1 ip
 - nltest /dsgetdc:domain_name report RODC-1 as logon server


DNS SRV RECORDS:
The ad srv records uses default configuration


Enrico Manzini




-----Messaggio originale-----
Da: samba <samba-bounces at lists.samba.org> Per conto di Rowland Penny via samba
Inviato: giovedì 2 gennaio 2025 12:52
A: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Oggetto: Re: [Samba] R: R: R: samba remote site client authentication and network browsing problem

On Thu, 2 Jan 2025 08:25:56 +0000
Manzini Enrico <emanzini at zensistemi.com> wrote:

> Hi Rowland
> 
> I try some several test and: 
> - tried fsmo transfer from the rwdc used as replication partner to the 
> secondary dc, no luck, problem persist
> - tried join with no replication partner specification, no luck, 
> problem persist Also during the join procedure the rodc anyway find a 
> domain controller to use as a replication partner (it say "find dc 
> dc_name", and after the join procedure, we could find it as ntds rodc 
> connection object in active directory sites and services)
> 
> Also:
> - servers dns correctly configured

Are the Dcs (this includes the RODC) using themselves as their nameserver ?

> - client dns correctly configured

Are the clients (at the RODC site) using the RODC as their nameserver ?

> - client logon server correctly connected
> 	The nltest command report the correct rodc server
> 
> But the problem explained above persist
> 

If everything is correct and Windows works as expected, but Samba doesn't, then it sounds like you have found a bug, so please file a bug report, but get as much info as possible (level 10 logs, network traces etc.).

One last thing you could check, Samba uses the same 'priority' and 'weight' for all SRV records ('0' & '100'), what does Windows use ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list