The Samba-Bugzilla – Bug 9089
Samba 4.0 as an AD DC does not record password replications made to an RODC
Last modified: 2017-04-04 05:05:32 UTC
We are meant to make a record in the directory of what passwords we replicate to a Read Only DC so that if it is compromised, the admin knows how badly it the domain is compromised.
As we don't plan to advertise AD replication for 4.0 I think it shouldn't be a blocker for the release.
This is related to replication, multi-dc-setups. Hence this should not block
the 4.0.0 release. Moving this to the 4.1 tracking bug....
Any news on this one?
root@DC2:~# samba-tool drs replicate AD1 DC2 dc=ad,dc=ju,dc=edu,dc=et
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:AD1[1024,seal] NT_STATUS_LOGON_FAILURE
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to AD1 failed - drsException: DRS connection to AD1 failed: (-1073741715, 'Logon failure')
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 39, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 54, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))
At the time I want to start replication using the above command it displays the above error,how can I fix the problem.
msDS-RevealedUsers was implemented in commit a9e38304730c8e70f043fa41ee15c200a234b9e6
For other RODC replication issues or other auditing attributes, a new bug should be opened.