Doc amendments for SRV and DNS ...

John H Terpstra jht at samba.org
Tue Jan 13 06:26:01 GMT 2004


Lee,

Thanks for the feedback. I have updaate the HOWTO, though probably not
as fully as I might. The update should appear in CVS within 24 hours.

Thanks for helping out with the documentation.

Cheers,
John T.

On Wed, 7 Jan 2004, C.Lee Taylor wrote:

> Greetings ...
>
> 	I hope John is not going to give me too much up hill, but I have found
> a few corrections and suggestions ... here they go ...
>
> 	Section 6.2.5.2 which is some thing like ...
> _ldap._tcp.pdc.ms-dcs.quenya.org, which needs to be changed to
> _ldap._tcp.pdc._msdcs.quenya.org
>
> 	Section 7.4.2 which is some think like ... All ADS domains will
> automatically create SRV records in the DNS zone _kerberos.REALM.NAME
> for each KDC in the realm, then _kerberos.REALM.NAME needed to be
> changed to _kerberos._tcp.dc._msdcs.quenya.org
>
> with better explaination at
> http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/krb5-install.html#Hostnames%20for%20the%20Master%20and%20Slave%20KDCs
>
> 	Section 7.4.6, we might need to relook at this, because I see my Win2K3
> server has SRV for _kerberos._tcp and _ldap._tcp but not _kerberos._udp,
> so I wonder for M$ support the udp options, or if it would work out of
> the box better if we give intructions on how to put these records in ...
>
> 	Section 7.6.1, I have a not to look at "nbtstat -RR" and "nbtstat -c"
> to help with this ... but will have to see what I meant with this ...
> sorry ...
>
> 	Section 7.6.3, might be worth stating that Samba 3.0.1 has this has the
> default, and should not need to be set, but double checking with
> "testparm -s -v |grep spnego" is also good ...
>
> 	Section 10.3.3, a few things need to be corrected, and some things need
> to be explained better ...
>
> 	_ldap._tcp.pdc.ms-dcs.Domain need to be changed to
> _ldap._tcp.pdc._msdcs.Domain
>
> 	also can be added
> _ldap._tcp.dc._msdcs.Domain can return all the Domain Controllers
>
> 	Maybe a link to http://support.microsoft.com/?kbid=241515 which
> explains how to verify SRV records ... and also give a command line
> explain, like ...
>
> dig @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org
>
> ; <<>> DiG 9.2.2-P3 <<>> @10.1.1.16 -t any _ldap._tcp.dc._msdcs.quenya.org
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3072
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
>
>
> ;; QUESTION SECTION:
> ;_ldap._tcp.dc._msdcs.quenya.org. IN        ANY
>
>
> ;; ANSWER SECTION:
> _ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc01.quenya.org.
> _ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 naszadc02.quenya.org.
>
>
> ;; ADDITIONAL SECTION:
> naszadc01.quenya.org. 3600  IN      A       10.1.1.16
> naszadc02.quenya.org. 1200  IN      A       10.1.1.17
>
>
> ;; Query time: 0 msec
> ;; SERVER: 10.1.1.16#53(10.1.1.16)
> ;; WHEN: Wed Jan  7 12:29:32 2004
> ;; MSG SIZE  rcvd: 173
>
> 	Also, everthing below _ldap._tcp.pdc.ms-dcs.DomainTree does not work
> for me, maybe again, we could put in a few examples ... I would like to
> understand these other options better.
>
> Mailed
> Lee
>
>
>

-- 
John H Terpstra
Email: jht at samba.org


More information about the samba-technical mailing list