[Samba] R: debian rwdc and rodc version

Manzini Enrico emanzini at zensistemi.com
Fri Jun 20 14:29:36 UTC 2025 

Hi
I've used debian 12 backports samba 4.21 not updated to 4.22
I need to use rodc, because i've some customers that have some remote sites, with low security, with machines that can be stolen, and we want to implement security practices with use of rodc's

Enrico Manzini




-----Messaggio originale-----
Da: samba <samba-bounces at lists.samba.org> Per conto di Rowland Penny via samba
Inviato: venerdì 20 giugno 2025 11:40
A: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Oggetto: Re: [Samba] debian rwdc and rodc version

On Fri, 20 Jun 2025 08:47:01 +0000
Manzini Enrico via samba <samba at lists.samba.org> wrote:

> Samba mailing list good morning
> 
> I've an internal testing infrastructure composed of
> 1 central site with 2 debian 12, samba 4.21 rwdc, and 1 windows server 
> 2012 R2 rwdc 1 remote site with 1 debian 12, samba 4.21 rodc

Now that confuses me, the standard Samba pages on Debian 12 are 4.17.12 and 4.22.2 (at present) from backports, so where did 4.21.x come from ?

> 
> Everything works fine
> 
> i've configured both the debian rwdc and rodc

Why are you using an RODC ? The only real reason for doing so is if the actually computer that the RODC is running is in danger of being stolen.

> with the parameter "ad
> dc functional level = 2012_R2" in smb.conf, and the change domain 
> controller feature in ADUC (active directory users and computers) show 
> me the "DC Version" tab for the debian rwdcs the version "Windows 
> Server 2012 R2", while the "DC Version" for the rodc still show the 
> default version of "W2k8 R2"
> 
> this configuration is in anticipation for test the raise of the domain 
> and forest functional level from "Windows Server 2008 R2" to "Windows 
> Server 2012 R2"

When you do get it to work, if you then remove the Windows DC, you should be able to get to 2016.

> 
> Perhaps i'm missing something in the rodc configuration?

Not sure, not everything is replicated to an RODC, perhaps the relevant functional parts aren't ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list