[Samba] Active Directory 'add machine script' parameter
Quentin Gibeaux
qgibeaux at iris-tech.fr
Mon Jun 23 07:56:38 MDT 2014
On 23/06/2014 15:20, Rowland Penny wrote:
> On 23/06/14 14:02, Quentin Gibeaux wrote:
>> On 23/06/2014 14:22, Rowland Penny wrote:
>>> On 23/06/14 13:05, Quentin Gibeaux wrote:
>>>> On 23/06/2014 12:27, Rowland Penny wrote:
>>>>> Just what else are you likely to want to do after adding a machine
>>>>> account?
>>>> Adding hostname/ip in some list that is used by my interface to
>>>> manage static dhcp leases and accesses. This interface doesn't
>>>> manage only machines that are added to the domain, that's why it's
>>>> not listing by requesting ldap.
>>>
>>> Are you wanting/trying to add machines dns details to AD DNS for
>>> machines that are not joined to the domain ??
>>> If so, I cannot recommend doing this, the only machines that should
>>> be in AD, are machines joined to the domain
>> No, that's not what I meant. I'm not trying to include my stuff to
>> AD, but connecting AD to my stuff.
>
> Er, but no, I think that you will find that you have to do it the
> other way round, connect your stuff to AD
>
>> I'll try to keep AD clean with AD machines, but on my own interface
>> I've both AD machines and not.
>
> Just what do you mean by 'my own interface' ?? are you referring to
> your dns domain or something else.
>
I've a frontend web interface that manages hosts (name, ip, in domain or
not, and so on). I can add/remove/edit them. It then runs in backend
what needs to be run (joining domain, changing dhcp lease, and so on).
The adding of a machine to the domain through this interface still
requires joining the domain on the host (for password matters), but the
computer exists on AD.
What I was doing on S3, and am trying to still do with S4, is to feed my
configuration when adding a machine to the domain through windows'
interface: when added, it adds the machine to my general hosts' list
(AD and not in AD), automatically creates a static DHCP lease, adds dns
entry (not necessary now, I think), and so on.
So two ways to add a machine to the domain: through my web frontend,
and through Samba. Both had the same effect on the server and the web
interface because of 'add machine script' call.
>> I think I'll stay with my own bind with bind_dlz backend: is that
>> still not recommended to have DNS entries that aren't referenced as
>> AD hosts?
>
> If you want to use samba4 with bind9 and dhcp, I can help you there,
> but you still shouldn't have machines in the AD dns zone that are not
> joined to the AD, the recommended way is to put your AD in a sub-zone
> of your domain i.e. if your dns domain is 'example.com', use
> 'samba.example.com' for your AD domain.
>
>>
>>
>> But the main point was the DHCP leases, I used 'add machine script'
>> to update my dhcpd server's configuration to add lease for this new
>> host.
>> It was great because it was automatic, due to the fact that samba was
>> calling the script after adding machine to the domain, but if there's
>> no such trigger anymore, I'll find something else.
>
> You can use the 'net' command to join a machine to AD, this should add
> your machine to the AD forward zone, or there is msktutil or realmd
> available, neither of which I have tried, but both have their fans, so
> could be worth trying.
>
> Rowland
>
>>
>>
>>>>
>>>> So in fact, what I was doing was calling my script with %I (ip
>>>> address) and %u (user, but here hostname) to work with my backend.
>>>
>>> If on the other hand, you are not doing what I think you are doing,
>>> you could try scripting around 'samba-tool dns', see 'samba-tool dns
>>> --help' for more info.
>>>
>> I'll take a look at it, but the main problem is to launch it
>> automatically.
>>> Rowland
>>>
>>>
>> Quentin Gibeaux
>>
>
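
The hook described in this thread receives %u and %I from Samba and feeds them into a separate host list and DHCP configuration. As an added example (not code from the thread or from Samba), the script below validates both values before anything is written; the script name, list path and tab-separated format are assumptions, and it assumes %u may carry the machine account's trailing `$`.

```python
#!/usr/bin/env python3
"""Hypothetical hook: add-machine-hook.py %u %I (name, path and list format are assumptions)."""
import fcntl
import ipaddress
import re
import sys

# NetBIOS-style computer name: 1-15 chars, letters/digits/hyphen, no edge hyphen.
NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?")


def parse_machine_args(account, ip_text):
    """Validate the %u and %I values; return (hostname, ip) or raise ValueError."""
    name = account[:-1] if account.endswith("$") else account
    if not NAME_RE.fullmatch(name):
        raise ValueError("rejected machine name: %r" % account)
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on anything malformed
    if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
        raise ValueError("rejected address: %s" % ip)
    return name.lower(), str(ip)


def register_host(account, ip_text, list_path):
    """Append 'hostname<TAB>ip<TAB>ad' once; return True if a line was written."""
    host, ip = parse_machine_args(account, ip_text)
    with open(list_path, "a+", encoding="ascii") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)  # concurrent joins must not interleave
        fh.seek(0)
        known = {line.split("\t", 1)[0] for line in fh if line.strip()}
        if host in known:
            return False
        fh.write("%s\t%s\tad\n" % (host, ip))
        return True


if __name__ == "__main__":
    # Placeholder path: point this at the list the frontend actually reads.
    try:
        written = register_host(sys.argv[1], sys.argv[2], "/var/lib/hostlist/hosts.tsv")
    except (IndexError, ValueError) as exc:
        sys.exit("add-machine-hook: %s" % exc)
    print("added" if written else "already listed")
```

Because the validated values end up in files that other services parse (the host list, a dhcpd configuration), rejecting anything outside the strict name and address grammar keeps a crafted machine name from adding extra lines or directives there.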