Doc amendments for SRV and DNS ...
John H Terpstra
jht at samba.org
Tue Jan 13 06:26:01 GMT 2004
Lee,
Thanks for the feedback. I have updated the HOWTO, though probably not
as fully as I might. The update should appear in CVS within 24 hours.
Thanks for helping out with the documentation.
Cheers,
John T.
On Wed, 7 Jan 2004, C.Lee Taylor wrote:
> Greetings ...
>
> I hope John is not going to give me too much up hill, but I have found
> a few corrections and suggestions ... here they go ...
>
> Section 6.2.5.2 which is something like ...
> _ldap._tcp.pdc.ms-dcs.quenya.org, which needs to be changed to
> _ldap._tcp.pdc._msdcs.quenya.org
>
> Section 7.4.2 which is something like ... All ADS domains will
> automatically create SRV records in the DNS zone _kerberos.REALM.NAME
> for each KDC in the realm, then _kerberos.REALM.NAME needed to be
> changed to _kerberos._tcp.dc._msdcs.quenya.org
>
> with better explanation at
> http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/krb5-install.html#Hostnames%20for%20the%20Master%20and%20Slave%20KDCs
>
> Section 7.4.6, we might need to relook at this, because I see my Win2K3
> server has SRV for _kerberos._tcp and _ldap._tcp but not _kerberos._udp,
> so I wonder if M$ support the udp options, or if it would work out of
> the box better if we give instructions on how to put these records in ...
>
> Section 7.6.1, I have a note to look at "nbtstat -RR" and "nbtstat -c"
> to help with this ... but will have to see what I meant with this ...
> sorry ...
>
> Section 7.6.3, might be worth stating that Samba 3.0.1 has this as the
> default, and should not need to be set, but double checking with
> "testparm -s -v |grep spnego" is also good ...
>
> Section 10.3.3, a few things need to be corrected, and some things need
> to be explained better ...
>
> _ldap._tcp.pdc.ms-dcs.Domain needs to be changed to
> _ldap._tcp.pdc._msdcs.Domain
>
> also can be added
> _ldap._tcp.dc._msdcs.Domain can return all the Domain Controllers
>
> Maybe a link to http://support.microsoft.com/?kbid=241515 which
> explains how to verify SRV records ... and also give a command line
> explain, like ...
>
> dig @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org
>
> ; <<>> DiG 9.2.2-P3 <<>> @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3072
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
>
>
> ;; QUESTION SECTION:
> ;_ldap._tcp.dc._msdcs.quenya.org. IN ANY
>
>
> ;; ANSWER SECTION:
> _ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc01.quenya.org.
> _ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc02.quenya.org.
>
>
> ;; ADDITIONAL SECTION:
> naszadc01.quenya.org. 3600 IN A 10.1.1.16
> naszadc02.quenya.org. 1200 IN A 10.1.1.17
>
>
> ;; Query time: 0 msec
> ;; SERVER: 10.1.1.16#53(10.1.1.16)
> ;; WHEN: Wed Jan 7 12:29:32 2004
> ;; MSG SIZE rcvd: 173
>
> Also, everything below _ldap._tcp.pdc.ms-dcs.DomainTree does not work
> for me, maybe again, we could put in a few examples ... I would like to
> understand these other options better.
>
> Mailed
> Lee
>
>
>
--
John H Terpstra
Email: jht at samba.org
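
The SRV verification discussed in the quoted message can be scripted. The following is an added example, not part of the original thread or of the Samba HOWTO: it parses dig output for a domain-controller locator name and reports whether each SRV target came with an address record. The helper names `check_srv` and `sample_answer` are hypothetical, and the embedded sample reproduces the records from the dig answer quoted above.

```sh
#!/bin/sh
# Added example (not from the original thread). check_srv and sample_answer
# are hypothetical helper names.

# check_srv OWNER: read dig output on stdin and report, for every SRV record
# owned by OWNER, whether the answer also carried an A record for the target.
#   OK <target> <port> <address>   address present in the same answer
#   NOADDR <target> <port>         no A record in this answer; query it directly
#   MISSING <owner>                no SRV record for OWNER (exit status 1)
check_srv() {
    awk -v want="$1" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        BEGIN { want = norm(want) }
        /^;/ || NF == 0 { next }                 # dig comments and blank lines
        $3 == "IN" && $4 == "A" { addr[norm($1)] = $5; next }
        $3 == "IN" && $4 == "SRV" && norm($1) == want {
            n++; host[n] = norm($8); port[n] = $7
        }
        END {
            if (n == 0) { print "MISSING " want; exit 1 }
            for (i = 1; i <= n; i++) {
                if (host[i] in addr) print "OK", host[i], port[i], addr[host[i]]
                else print "NOADDR", host[i], port[i]
            }
        }'
}

# Sample input: the answer and additional sections from the quoted dig run.
sample_answer() {
    cat <<'EOF'
;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc01.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc02.quenya.org.

;; ADDITIONAL SECTION:
naszadc01.quenya.org. 3600 IN A 10.1.1.16
naszadc02.quenya.org. 1200 IN A 10.1.1.17
EOF
}

# Stand-alone run against the sample; with a live server, pipe dig instead:
#   dig @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org | check_srv _ldap._tcp.dc._msdcs.quenya.org
sample_answer | check_srv _ldap._tcp.dc._msdcs.quenya.org
```

Checking the misspelt owner name `_ldap._tcp.pdc.ms-dcs.quenya.org` against the same input reports `MISSING`, which is the symptom the corrections to sections 6.2.5.2 and 10.3.3 address.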