Doc amendments for SRV and DNS ...
John H Terpstra
jht at samba.org
Wed Jan 7 17:13:15 GMT 2004
On Wed, 7 Jan 2004, C.Lee Taylor wrote:
> Greetings ...
> I hope John is not going to give me too much up hill, but I have found
> a few corrections and suggestions ... here they go ...
Feedback of any type is always welcome. Particularly constructive feedback
like this. I will update the information soon. Thank-you.
> Section 184.108.40.206 which is some thing like ...
> _ldap._tcp.pdc.ms-dcs.quenya.org, which needs to be changed to
> Section 7.4.2 which is some think like ... All ADS domains will
> automatically create SRV records in the DNS zone _kerberos.REALM.NAME
> for each KDC in the realm, then _kerberos.REALM.NAME needed to be
> changed to _kerberos._tcp.dc._msdcs.quenya.org
> with better explaination at
> Section 7.4.6, we might need to relook at this, because I see my Win2K3
> server has SRV for _kerberos._tcp and _ldap._tcp but not _kerberos._udp,
> so I wonder for M$ support the udp options, or if it would work out of
> the box better if we give intructions on how to put these records in ...
> Section 7.6.1, I have a not to look at "nbtstat -RR" and "nbtstat -c"
> to help with this ... but will have to see what I meant with this ...
> sorry ...
> Section 7.6.3, might be worth stating that Samba 3.0.1 has this has the
> default, and should not need to be set, but double checking with
> "testparm -s -v |grep spnego" is also good ...
> Section 10.3.3, a few things need to be corrected, and some things need
> to be explained better ...
> _ldap._tcp.pdc.ms-dcs.Domain need to be changed to
> also can be added
> _ldap._tcp.dc._msdcs.Domain can return all the Domain Controllers
> Maybe a link to http://support.microsoft.com/?kbid=241515 which
> explains how to verify SRV records ... and also give a command line
> explain, like ...
> dig @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org
> ; <<>> DiG 9.2.2-P3 <<>> @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3072
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> ;; QUESTION SECTION:
> ;_ldap._tcp.dc._msdcs.quenya.org. IN ANY
> ;; ANSWER SECTION:
> _ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc01.quenya.org.
> _ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc02.quenya.org.
> ;; ADDITIONAL SECTION:
> naszadc01.quenya.org. 3600 IN A 10.1.1.16
> naszadc02.quenya.org. 1200 IN A 10.1.1.17
> ;; Query time: 0 msec
> ;; SERVER: 10.1.1.16#53(10.1.1.16)
> ;; WHEN: Wed Jan 7 12:29:32 2004
> ;; MSG SIZE rcvd: 173
> Also, everthing below _ldap._tcp.pdc.ms-dcs.DomainTree does not work
> for me, maybe again, we could put in a few examples ... I would like to
> understand these other options better.
John H Terpstra
Email: jht at samba.org
More information about the samba-technical