Doc amendments for SRV and DNS ...

C.Lee Taylor leet at leenx.co.za
Wed Jan 7 10:44:51 GMT 2004


Greetings ...

	I hope John is not going to give me too much up hill, but I have found 
a few corrections and suggestions ... here they go ...

	Section 6.2.5.2 which is something like ...
_ldap._tcp.pdc.ms-dcs.quenya.org, which needs to be changed to 
_ldap._tcp.pdc._msdcs.quenya.org

	Section 7.4.2 which is something like ... All ADS domains will 
automatically create SRV records in the DNS zone _kerberos.REALM.NAME 
for each KDC in the realm, then _kerberos.REALM.NAME needs to be 
changed to _kerberos._tcp.dc._msdcs.quenya.org

with a better explanation at
http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/krb5-install.html#Hostnames%20for%20the%20Master%20and%20Slave%20KDCs

	Section 7.4.6, we might need to relook at this, because I see my Win2K3 
server has SRV for _kerberos._tcp and _ldap._tcp but not _kerberos._udp, 
so I wonder if M$ supports the udp options, or if it would work out of 
the box better if we give instructions on how to put these records in ...

	Section 7.6.1, I have a note to look at "nbtstat -RR" and "nbtstat -c" 
to help with this ... but will have to see what I meant with this ... 
sorry ...

	Section 7.6.3, might be worth stating that Samba 3.0.1 has this as the 
default, and should not need to be set, but double checking with 
"testparm -s -v |grep spnego" is also good ...

	Section 10.3.3, a few things need to be corrected, and some things need 
to be explained better ...

	_ldap._tcp.pdc.ms-dcs.Domain needs to be changed to 
_ldap._tcp.pdc._msdcs.Domain

	also can be added
_ldap._tcp.dc._msdcs.Domain can return all the Domain Controllers

	Maybe a link to http://support.microsoft.com/?kbid=241515 which 
explains how to verify SRV records ... and also give a command line 
example, like ...

dig @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org

; <<>> DiG 9.2.2-P3 <<>> @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3072
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
 

;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.quenya.org. IN        ANY
 

;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc01.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc02.quenya.org.
 

;; ADDITIONAL SECTION:
naszadc01.quenya.org. 3600  IN      A       10.1.1.16
naszadc02.quenya.org. 1200  IN      A       10.1.1.17
 

;; Query time: 0 msec
;; SERVER: 10.1.1.16#53(10.1.1.16)
;; WHEN: Wed Jan  7 12:29:32 2004
;; MSG SIZE  rcvd: 173

	Also, everything below _ldap._tcp.pdc.ms-dcs.DomainTree does not work 
for me, maybe again, we could put in a few examples ... I would like to 
understand these other options better.

Mailed
Lee
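
An added example, not part of the original post: a Python check over dig output of the kind shown above. It orders the SRV records by priority and flags owner names that are not under the _msdcs label, and SRV targets that have no A record in the same response. The sample data is constructed; naszadc03 and the ms-dcs record are made up to exercise the checks.

```python
import re

# Constructed sample in dig's output format, modelled on the listing in the post,
# as the lines would appear across several dig runs.
# naszadc03 and the ms-dcs line are made up to exercise the checks.
SAMPLE = """\
;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc01.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc02.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 10 100 389 naszadc03.quenya.org.
_ldap._tcp.pdc.ms-dcs.quenya.org. 600 IN SRV 0 100 389 naszadc01.quenya.org.

;; ADDITIONAL SECTION:
naszadc01.quenya.org. 3600  IN      A       10.1.1.16
naszadc02.quenya.org. 1200  IN      A       10.1.1.17
"""

# owner, TTL, class IN, type, rdata; dig comment lines (';') never match.
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(SRV|A)\s+(.+)$")


def parse_dig(text):
    """Return (srv_records, a_records) parsed from dig output."""
    srv, addrs = [], {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2), m.group(3)
        if rtype == "A":
            addrs.setdefault(owner, []).append(rdata.strip())
        else:
            prio, weight, port, target = rdata.split()
            srv.append((int(prio), int(weight), int(port), target.lower(), owner))
    return sorted(srv), addrs  # lowest priority value is tried first


def audit(text):
    """Return a list of problems found in the SRV records of a dig response."""
    srv, addrs = parse_dig(text)
    problems = []
    for prio, weight, port, target, owner in srv:
        if "_msdcs" not in owner.split("."):
            problems.append(f"{owner} is not under _msdcs")
        if target not in addrs:
            problems.append(f"{target} has no A record in this response")
    return problems


if __name__ == "__main__":
    for p in audit(SAMPLE):
        print("WARN:", p)
```

A target flagged as lacking an A record only means the server did not include one in that response; query the host name directly before treating it as missing.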




