Bug 12008 - RODCs are not read-only
Summary: RODCs are not read-only
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.4.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2016-07-04 04:20 UTC by Bob Campbell
Modified: 2017-04-18 22:25 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Bob Campbell 2016-07-04 04:20:59 UTC
RODCs can add and delete objects from their local LDB without restriction. This is because the only relevant RODC check is only done to modifications. A side-effect of this is that the KCC creates local links from an RODC to other DCs.
Comment 1 Garming Sam 2017-04-18 22:25:09 UTC
Fixed in commit b3ba0c85ffe08c39b9144b644b6aabca4ca17dfe

Adds and deletes now cause referrals to be sent.