[Samba] missing dns records? _ldaps._tcp ?

Rowland Penny rpenny at samba.org
Sat Aug 27 13:46:03 UTC 2016


On Sat, 27 Aug 2016 15:32:32 +0200
Harry Jede via samba <samba at lists.samba.org> wrote:

> On 15:14:06 wrote Rowland Penny via samba:
> > On Thu, 25 Aug 2016 10:22:36 +0200
> > 
> > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> > > Ok, thank you guys for your input.
> > > 
> > > So we need to add something here:
> > > 
> > > cat /var/lib/samba/private/dns_update_list | grep ldap
> > > 
> > > ${IF_RWDC}SRV         _ldap._tcp.${DNSDOMAIN}                               ${HOSTNAME} 389
> > > ${IF_RWDC}SRV         _ldap._tcp.dc._msdcs.${DNSDOMAIN}                     ${HOSTNAME} 389
> > > ${IF_RWDC}SRV         _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST}  ${HOSTNAME} 389
> > > ${IF_DC}SRV           _ldap._tcp.${SITE}._sites.${DNSDOMAIN}                ${HOSTNAME} 389
> > > ${IF_DC}SRV           _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}      ${HOSTNAME} 389
> > > ${IF_PDC}SRV          _ldap._tcp.pdc._msdcs.${DNSDOMAIN}                    ${HOSTNAME} 389
> > > ${IF_RWGC}SRV         _ldap._tcp.gc._msdcs.${DNSFOREST}                     ${HOSTNAME} 3268
> > > ${IF_GC}SRV           _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST}      ${HOSTNAME} 3268
> > > ${IF_RWDNS_DOMAIN}SRV _ldap._tcp.DomainDnsZones.${DNSDOMAIN}                ${HOSTNAME} 389
> > > ${IF_DNS_DOMAIN}SRV   _ldap._tcp.${SITE}._sites.DomainDnsZones.${DNSDOMAIN} ${HOSTNAME} 389
> > > ${IF_RWDNS_FOREST}SRV _ldap._tcp.ForestDnsZones.${DNSFOREST}                ${HOSTNAME} 389
> > > ${IF_DNS_FOREST}SRV   _ldap._tcp.${SITE}._sites.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 389
> > > 
> > > I've added the SRV records now as follows, and my squid groups now
> > > respond better :-) great.
> > > 
> > > Use these commands, handy for others:
> > > 
> > > samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc1.dns_zone 636 0 100'
> > > samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc2.dns_zone 636 0 100'
> > > 
> > > Now I do believe that this is needed by default in the Samba
> > > installs, if SSL/TLS is enabled by default.
> > > 
> > > Greetz,
> > > 
> > > Louis
> > > 
> > > > -----Original message-----
> > > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via samba
> > > > Sent: Wednesday, 24 August 2016 18:10
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] missing dns records? _ldaps._tcp ?
> > > > 
> > > > On Wed, 24 Aug 2016 11:56:06 -0400
> > > > lingpanda101--- via samba <samba at lists.samba.org> wrote:
> > > > > I know you asked recently but I do have them from a long ago
> > > > > provisioned DC as reference.
> > > > 
> > > > If you have them, I think you may be the only one who does ;-)
> > > > 
> > > > A bit of searching doesn't turn up anything about _ldaps records, just
> > > > _ldap.
> > > > 
> > > > Rowland
> > > > 
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions:  https://lists.samba.org/mailman/options/samba
> > > 
> > 
> > No, I think you need to fix squid or at the very least, ask squid
> > where they got _ldaps from, because it doesn't seem to exist on any
> > AD DC.
> Google search:
> site:technet.microsoft.com ldaps
> 
> and you will find:
> http://social.technet.microsoft.com/wiki/contents/articles/2979.event-id-1220-ldap-over-ssl-ldaps.aspx
> 
> "If you install the AD CS role and specify the Setup Type as
> Enterprise on a domain controller, all domain controllers in the
> forest will be configured automatically to accept LDAP over SSL."
> 
> > Rowland
> 

You still will not get any '_ldaps._tcp' objects in AD, using AD with
SSL wasn't the problem.

Rowland
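The thread's fix is to publish _ldaps._tcp SRV records by hand with samba-tool, one per DC. The snippet below is an added example, not code from the thread or from the Samba project: it derives the samba-tool commands from the _ldap._tcp records a domain already publishes, so the same DCs, priorities and weights are kept and only the port changes to 636. The only real gotcha it encodes is field order: `dig +short SRV` prints "priority weight port target", while samba-tool's SRV data argument is "target port priority weight". The hostnames and zone in the sample are constructed; `dig` is assumed to be installed for the live helpers.

```shell
#!/bin/sh
# Added example (not from the thread). Mirror a domain's existing
# _ldap._tcp SRV records as _ldaps._tcp records on port 636 by emitting
# the matching samba-tool commands for review before they are run.
#
#   dig +short SRV  prints:  "<priority> <weight> <port> <target>."
#   samba-tool dns add SRV data is: "<target> <port> <priority> <weight>"

# Convert dig-style SRV lines on stdin into samba-tool commands on stdout.
# $1 = DNS server the update is sent to, $2 = zone, $3 = port for the new records
srv_to_samba_tool() {
    server=$1; zone=$2; port=$3
    while read -r prio weight _oldport target; do
        [ -n "$target" ] || continue       # skip blank lines
        target=${target%.}                 # drop the trailing dot dig prints
        printf "samba-tool dns add %s %s _ldaps._tcp SRV '%s %s %s %s'\n" \
            "$server" "$zone" "$target" "$port" "$prio" "$weight"
    done
}

# Live use: read the real _ldap._tcp records of a zone and print the plan
# (needs dig and network access; nothing is changed until you run the output).
plan_ldaps_records() {
    server=$1; zone=$2
    dig +short SRV "_ldap._tcp.$zone" | srv_to_samba_tool "$server" "$zone" 636
}

# Returns 0 if the zone already publishes at least one _ldaps._tcp SRV record,
# 1 otherwise (needs dig and network access). Handy as a pre-check.
has_ldaps_srv() {
    [ -n "$(dig +short SRV "_ldaps._tcp.$1")" ]
}

# Constructed sample of dig output, so the conversion can be seen offline.
SAMPLE_DIG_OUTPUT='0 100 389 dc1.samdom.example.com.
0 100 389 dc2.samdom.example.com.'

printf '%s\n' "$SAMPLE_DIG_OUTPUT" \
    | srv_to_samba_tool dc1.samdom.example.com samdom.example.com 636
```

Run against a real zone with `plan_ldaps_records dc1.samdom.example.com samdom.example.com`, check the printed commands, then execute them on the DC; `has_ldaps_srv samdom.example.com` afterwards confirms the records are served.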



