Bug 12008 - RODCs are not read-only
RODCs are not read-only
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.4.4
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-07-04 04:20 UTC by Bob Campbell
Modified: 2017-04-18 22:25 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bob Campbell 2016-07-04 04:20:59 UTC
RODCs can add and delete objects from their local LDB without restriction. This is because the only relevant RODC check is only done to modifications. A side-effect of this is that the KCC creates local links from an RODC to other DCs.
Comment 1 Garming Sam 2017-04-18 22:25:09 UTC
Fixed in commit b3ba0c85ffe08c39b9144b644b6aabca4ca17dfe

Adds and deletes now cause referrals to be sent.