Prev: [Samba] Can SAMBA work with 2008 R2 Read Only Domain controller
Next: [Samba] Windows 7 Home to Ubuntu 10.4 Samba 3.4.7 Access denied
From: Serge Fonville on 6 Jun 2010 11:30 Hi, Have you read http://wiki.samba.org/index.php/Samba4_joining_a_domain ? # Samba4 joining a domain as a RODC HTH Regards, Serge Fonville On Sun, Jun 6, 2010 at 5:12 PM, hagai yaffe <hagaiy(a)yahoo.com> wrote: > Hello, > > We are planing to utilize Microsoft 2008 R2 Read Only Domain controller, and deploy RODC's in branches. > > If I would like to have SAMBA servers in those branches, will I be able to add them to the domain (using "net ads join") and work with them, when using the RODC's as domain controllers configured in my smb.conf & krb5.conf? > > I have looked around and did not find any documentation for SAMBA supporting / not supporting this. > > I have done some testing and failed (I got "Failed to join domain: failed to connect to AD: Decrypt integrity check failed Ok" from the "net ads join" command), before investing more time in troubleshooting I hoped that someone could assist and tell me if such a configuration is possible. > > If this is not possible, it would be great to know why. > > Best Regards, > Hagai > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: hagai yaffe on 7 Jun 2010 02:20 Hello, I am sorry, I was not clear enough. I am not planing to add the SAMBA server to the domain as a Domain Controller, I would like to add it to the domain as a domain member. How ever, when I try to join the domain when pointing my SAMBA machine to a Microsoft Read Only domain Controller I fail with the error I have mentioned (when pointing to a normal Domain Controller this work, how ever in the planned implementation I might have access only to Microsoft RODC's for joining the domain). Should this work? Best Regards, Hagai --- On Sun, 6/6/10, hagai yaffe <hagaiy(a)yahoo.com> wrote: From: hagai yaffe <hagaiy(a)yahoo.com> Subject: Can SAMBA work with 2008 R2 Read Only Domain controller To: samba(a)lists.samba.org Date: Sunday, June 6, 2010, 6:12 PM Hello, We are planing to utilize Microsoft 2008 R2 Read Only Domain controller, and deploy RODC's in branches. If I would like to have SAMBA servers in those branches, will I be able to add them to the domain (using "net ads join") and work with them, when using the RODC's as domain controllers configured in my smb.conf & krb5.conf? I have looked around and did not find any documentation for SAMBA supporting / not supporting this. I have done some testing and failed (I got "Failed to join domain: failed to connect to AD: Decrypt integrity check failed Ok" from the "net ads join" command), before investing more time in troubleshooting I hoped that someone could assist and tell me if such a configuration is possible. If this is not possible, it would be great to know why. Best Regards, Hagai -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Jason Haar on 2 Jul 2010 00:50
This is a "me too". We just installed a new CentOS server (running self-compiled samba-3.5.4 from samba.org) into a remote site that only has a RODC and although the domain join appeared to work fine, every few hours it "drops off" the domain. i.e. "net ads join" worked "net ads testjoin" worked but then hours later "net ads testjoin" returns "Failed to join domain: failed to connect to AD: Decrypt integrity check failed Ok" Strangely enough, if I then do net ads testjoin -S real.remote.dc that works just fine. Even stranger, immediately doing "net ads testjoin" starts working again - for a few hours It looks like the RODC (I know this error occurs with the RODC - "-d9" shows it) is returning some kind of unexpected errocode when objects aren't in its cache - and Samba freaks? Note to Serge: I think hagai is - like me - referring to Samba as a domain member - not as a domain controller. Jason On 06/07/2010 03:19 AM, Serge Fonville wrote: > Hi, > > Have you read http://wiki.samba.org/index.php/Samba4_joining_a_domain ? > # Samba4 joining a domain as a RODC > > HTH > > Regards, > > Serge Fonville > > On Sun, Jun 6, 2010 at 5:12 PM, hagai yaffe <hagaiy(a)yahoo.com> wrote: >> Hello, >> >> We are planing to utilize Microsoft 2008 R2 Read Only Domain controller, and deploy RODC's in branches. >> >> If I would like to have SAMBA servers in those branches, will I be able to add them to the domain (using "net ads join") and work with them, when using the RODC's as domain controllers configured in my smb.conf & krb5.conf? >> >> I have looked around and did not find any documentation for SAMBA supporting / not supporting this. >> >> I have done some testing and failed (I got "Failed to join domain: failed to connect to AD: Decrypt integrity check failed Ok" from the "net ads join" command), before investing more time in troubleshooting I hoped that someone could assist and tell me if such a configuration is possible. >> >> If this is not possible, it would be great to know why. >> >> Best Regards, >> Hagai >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |