[Samba] R: R: R: R: R: samba remote site client authentication and network browsing problem

Manzini Enrico emanzini at zensistemi.com
Fri Jan 3 10:28:53 UTC 2025

Hi Rowland,

i've modified, the dns like below:
 - themself
 - DC-1
 - DC-2

DC-1 And DC-2 dns configuration not modified

But the problems remains
 - samba-tool drs replicate rodc-1 dc-2 dc=scratch,dc=lan -U administrator did not replicate
 - network browsing anyway require authentication and not work

Enrico Manzini

-----Messaggio originale-----
Da: samba <samba-bounces at lists.samba.org> Per conto di Rowland Penny via samba
Inviato: venerdì 3 gennaio 2025 10:06
A: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Oggetto: Re: [Samba] R: R: R: R: samba remote site client authentication and network browsing problem

On Fri, 3 Jan 2025 08:29:59 +0000
Manzini Enrico <emanzini at zensistemi.com> wrote:

> Hi Rowland, below, the servers and the remote client dns configuration
> Server's dns configuration:
> DC-1:
>  - themself
>  - DC-2
> DC-2
>  - themself
>  - DC-1
> RODC-1
>  - DC-1
>  - DC-2
>  - themself

In my opinion, all Samba AD DCs should only have themselves as their nameserver, if something goes wrong, can you really rely on what it returns if it is coming from another DC ?

When we come to your RODC, well it is looks to me that your clients are asking the RODC for domain records and the RODC is going 'hang on, I will ask DNS and, when it is online, DC-1 returns the info and the RODC passes it to the client. When DC-1 is offline (which probably means that DC-2 is as well), the client asks for a domain record, the RODC asks DC-1 for the data, only it cannot find DC-1, so it waits for about
30 seconds and then tries DC-2, waits for about 30 seconds and then finally tries itself and you 'may' get an answer if that record has replicated.

Please fix your DNS.


PS: Please do not CC me

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list