Alexander R. Fahrutdinov wrote:
В сообщении от 30 июля 2010 09:39:05 автор Alexander R. Fahrutdinov написал:
В сообщении от 29 июля 2010 17:05:53 автор k.maksimov написал:
Alexander R. Fahrutdinov wrote:
В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov
написал:
В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал:
Alexander R. Fahrutdinov wrote:
В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал:
Anton wrote:
On 28 July 2010 01:45, k.maksimov <k.maksi...@butb.by> wrote:
I have two networks: 192.168.1.0 with netmask 255.255.255.0 and
172.16.0.0 with netmask 255.255.254.0, when I join in domain in
first network hostname registered successfully, but in second
network:
sudo net ads join -U admin
Enter admin's password:
Using short domain name -- BUTB
Joined 'TH-2-011' to realm 'butb.by'
DNS update failed!
As far as I can tell (I'm not entirely certain though) this is an
Active Directory / Windows Server configuration issue around
loosening permissions enough for the DHCP service to update the
DNS records.
I don't know exactly what settings need to be configured though,
as I didn't manage to get it working either. In the end I decided
to keep the standard security and just use static IPs and DNS
records for winbind machines.
I'm use static IP and I haven't DHCP. and this problem not an AD:
Windows machines successfully update DNS.
also I have ~200 machines and I can't add every DNS record
manually.
It seems, secure DNS update has broken in samba. I tried to use
different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got
an error during DNS update, in spite of "wbinfo -t" and "net ads info"
commands output was OK.
Secure DNS update via nss-update script has sucssefully completed, but
it requires a domain admin creditionals.
Guys from http://rc.quest.com/topics/ddns/old.php create a patch for
nss- update and GSSAPI library to use machine account instead admin
one, but I don't try this.
So, I don't promise to disable the secure DNS update, because it
decrease AD security.
Perghaps, somebody tell us, what we doing wrong?
Earlier I tested DNS update on samba package included in Debian Etch,
Lenny and testing Debian branch.
Now I download CentOS distribution and try to update DNS via "net ads
dns register -P" command. I'm surprised when command reports
"Successfully registered hostname with DNS" with samba 3.0.33 and
3.5.4 versions.
So, it isn't samba problem, but problem of specific distribution.
And what's your distribution?
I'm use Linux Mint 9 (based on Ubuntu 10.4), samba is 3.4.7, and in
network 192.168.1.0/24 dns updated successfully via "net ads dns
register -P". So, it's samba problem:)
Now I trying to update DNS from CentOS with two NICs: 192.168.33.131 and
10.0.3.15, and both addresses is being added to DNS sucsessfully.
PS: "net ads dns register -P"
So, my tests:
Debian Etch:
samba & winbind 3.2.5-4~bpo41+1
libkrb53 1.4.4-7etch6
.>net ads dns register -P
.>Successfully registered hostname with DNS
Debian Lenny:
samba & winbind 3.4.8~dfsg-2~bpo50+1 and 3.2.5-4lenny12 (work with
both)
libkrb53 1.6.dfsg.4~beta1-5lenny4
.>net ads dns register -P
.>Successfully registered hostname with DNS
Debian Sid/Unstable (my case)
samba & winbind 3.4.8~dfsg-2 and 3.5.4~dfsg-1 (not work with both)
libkrb53 1.8.1+dfsg-5
.>net ads dns register -P
.>DNS update failed!
I try CentOS, Suse and Slackware, and ever, in second network, DNS
wasn't update. :(
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
