Andreas Oster aoster at novanetwork.de writes:

Hello all,

I have migrated an old Win2k Active Directory to a Samba4 only domain. Because the provision step has not been used, I now do not have the dns.keytab file for secure dynamic DNS updates with bind9. I have found a useful link here:

http://us.generation-nt.com/answer/samba-dns-keytab-samba4-bind9-help-203936221.html

but I am not sure if this is the right way to manually create the missing AD entries and dns.keytab file.

One thing I am worried about is that I have two Samba servers. What does the LDIF file need to look like to allow both servers to update DNS entries?

dn: CN=dns-smbserver,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
description: DNS Service Account for smbserver
userAccountControl: 512
accountExpires: 9223372036854775807
sAMAccountName: dns-smbserver
servicePrincipalName: DNS/smbserver1.example.com
servicePrincipalName: DNS/smbserver2.example.com
servicePrincipalName: DNS/example.com
clearTextPassword:: base64encodedpassword

What should the named.conf entry look like?

tkey-gssapi-credential DNS/smbserver1.example.com;
tkey-domain EXAMPLE.COM;

But what about smbserver2?

Thank you for your kind help
best regards
Andreas

Hello all,

I have found some information in a previous post by Andrew Bartlett. There he pointed out that only one Samba server can send DNS updates to bind9. But what happens if the first server is not functional?

best regards
Andreas