provision: Always create DNS user.

Andrew Bartlett abartlet at
Thu Oct 11 15:03:42 MDT 2012

On Thu, 2012-10-11 at 21:23 +0200, Stefan (metze) Metzmacher wrote:
> Hi Jelmer,
> > - Log -----------------------------------------------------------------
> > commit c2d14747d608d406de6410556807d467cd0b85ef
> > Author: Jelmer Vernooij <jelmer at>
> > Date:   Thu Oct 11 14:45:10 2012 +0200
> > 
> >     provision: Always create DNS user.
> >     
> >     The DNS user is currently only used by the bind9 plugin. This makes it
> >     easier to later on switch between the builtin DNS server and bind
> >     backend.
> >     
> >     In addition, ideally the internal DNS server would use that (separate)
> >     user too.
> Why? Isn't that the job of samba_upgradedns?
> I removed this behavior because I want us to match windows as much as
> possible.


We discussed this, but I think you misunderstood me.  Certainly we can't
do this unless we first change the internal DNS server to know about the
possibility of a dns-SERVER user.  Otherwise it won't use the right key
on the kerberos acceptor.

I was more thinking that we would keep the previous behaviour (which is
more like windows), but allow the internal DNS server to work if a
dns-SERVER user exists (rather than strictly requiring it to be


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list