git.samba.org / nivanova / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6eb34e6) | patch
s4-drs: bring us much closer to the docs for DRS secret replication
authorAndrew Tridgell <tridge@samba.org>
Wed, 18 Aug 2010 08:38:26 +0000 (18:38 +1000)
committerAndrew Tridgell <tridge@samba.org>
Fri, 20 Aug 2010 10:34:11 +0000 (20:34 +1000)
commit4cc6b5a69b1f94d96a73ac15d58ff71d2e4febfd
treedea77563408464b03ada123475e413427464848ctree
parent6eb34e69078630f1795a75d186eccf50e1f3c683commit | diff
s4-drs: bring us much closer to the docs for DRS secret replication

The rules for when a RODC can replicate secrets are:

 - it can always replicate its own acct
 - it can also replicate its krbtgt acct
 - it can't replicate other krbtgt accts
 - it can't replicate interdomain trust accounts
 - it can't replicate users in the denied group list
 - it can replicate users in the allowed group list

otherwise it can't replicate

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
source4/rpc_server/drsuapi/getncchanges.c diff | blob | history
Nivanova's work in progress