[Samba] samba4 internal dns Server ddns for the reverse lookup Zone

steve steve at steve-ss.com
Fri Aug 15 16:21:19 MDT 2014


On Sat, 2014-08-16 at 00:02 +0200, Markus Roth wrote:
> Hi Steve,
> 
> Update:
> I've now a sssd.conf which can start the sssd.conf daemon. But I also get
> the denied messages in the forward and reverse lookup before samba4 does the
> successful ddns updates. Here are my configuration files:
> 
> ----------------------------------------------------------------------------
> ---------------------------------------------------------------------------
> 
> Sssd.conf:
> [sssd]
> config_file_version = 2
> domains = winnet.local
> services = nss, pam
> debug_level = 0
> 
> [nss]
> 
> [pam]
> 
> [domain/winnet.local]
> ldap_referrals = false
> enumerate = false
> 
> id_provider = ldap
> auth_provider = krb5
> chpass_provider = krb5
> access_provider = ldap
> ldap_schema = rfc2307bis
> 
> #ldap_user_search_base = ou=user accounts,dc=ad,dc=example,dc=com
> #ldap_user_object_class = user
> 
> ldap_user_home_directory = unixHomeDirectory
> ldap_user_principal = userPrincipalName
> 
> #ldap_group_search_base = ou=groups,dc=ad,dc=example,dc=com
> #ldap_group_object_class = group
> 
> ldap_access_order = expire
> ldap_account_expire_policy = ad
> ldap_force_upper_case_realm = true
> krb5_realm = WINNET.LOCAL
> krb5_canonicalize = false

Hi
This is not using the sssd ad backend at all. It will not do ddns
updates, neither will it pull the correct id info from AD.

You were nearly there. Did you see my other post?

Just issue:
samba-tool domain exportkeytab /etc/krb5.keytab --principal=WINNET$
and try with your original ad sssd config.
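
A check for the point made in the reply above, as an added example that is not part of the original message or of sssd: it reads an sssd.conf and reports every enabled domain that is not on the ad backend. The function name and both sample configurations are constructed for illustration, and the ad variant's layout is an assumption.

```python
import configparser

def audit_sssd_domains(conf_text):
    """Return {domain: [findings]} for each domain enabled in [sssd]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    names = cp.get("sssd", "domains", fallback="").split(",")
    report = {}
    for name in (n.strip() for n in names):
        if not name:
            continue
        section = "domain/" + name
        if not cp.has_section(section):
            report[name] = ["no [%s] section" % section]
            continue
        dom, findings = cp[section], []
        provider = dom.get("id_provider", "").strip().lower()
        if provider != "ad":
            findings.append("id_provider is %r, not ad: no ddns updates, "
                            "no AD id info" % provider)
        # Assumption: with the ad provider, dyndns_update is on unless set false.
        elif not dom.getboolean("dyndns_update", fallback=True):
            findings.append("dyndns_update is switched off")
        report[name] = findings
    return report

# Constructed sample: the provider lines of the quoted sssd.conf.
QUOTED = """\
[sssd]
config_file_version = 2
domains = winnet.local
services = nss, pam

[domain/winnet.local]
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap
krb5_realm = WINNET.LOCAL
"""

# Constructed sample: the same domain on the ad provider (assumed layout).
AD_BACKEND = QUOTED.replace("= ldap", "= ad").replace("= krb5\n", "= ad\n")

if __name__ == "__main__":
    for label, text in (("quoted", QUOTED), ("ad", AD_BACKEND)):
        print(label, audit_sssd_domains(text))
```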
