[PATCH] Re: Internal dns server changed between RC2 & 4.1.0pre1-GIT-2c3a808

Andrew Bartlett abartlet at samba.org
Mon Oct 15 22:37:25 MDT 2012

On Tue, 2012-10-16 at 09:54 +1100, Andrew Bartlett wrote:
> On Mon, 2012-10-15 at 21:56 +0200, Kai Blin wrote:
> > On 2012-10-15 21:48, Rowland Penny wrote:
> > > On 15/10/12 20:19, Kai Blin wrote:
> > >> On 2012-10-15 19:21, Rowland Penny wrote:
> > >>
> > >>> It is one I found on the internet and altered to fit my needs, as I said
> > >>> it works on RC2 but now will not work on pre1.
> > > >>> Basically the script is run by dhcp from dhcpd.conf, it checks a
> > > >>> kerberos keytab then runs nsupdate to first delete the PC's nameserver
> > > >>> record (if there is one) then adds it into the required zone. The
> > >>> script then checks to see if the record now exists.
> > >> Hm, I think we got rid of the DNS special user for RC1, but I seem to
> > >> remember Jelmer added back the code that adds it to some of the upgrade
> > >> scripts. Did you run any?
> > > 
> > > No I didn't, I just provisioned as normal, but there is a user at
> > > > CN=dns-adserver,CN=Users,DC=home,DC=lan. Should I remove this user or
> > > can I just ignore it?
> > 
> > Ah, it's a new provision. That's relevant information. Try removing that
> > user. It's been causing trouble for me in the past.
> It's been lost in all the review discussion, but we actually do need to
> revert that patch, it was put in based on a misunderstanding.  
> We also need to patch up the internal DNS server to cope with the
> dns-SERVER user (it's not difficult, just needs to be done, and avoids
> needing to run the upgrade script in one direction). 

The attached two patches should fix this, both reverting the incorrect
change and allowing a server configured to use bind9_dlz to use the
internal server without changing the directory.  

Users like Rowland who provisioned since Jelmer's patch will need to
delete the dns-SERVER user, as the patch was incorrect (didn't create
the secrets.ldb entry to match). 


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Revert-provision-Always-create-DNS-user.patch
Type: text/x-patch
Size: 4558 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121016/eea450c7/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-dns_server-Try-and-use-the-dns-SERVER-account-if-we-.patch
Type: text/x-patch
Size: 3617 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121016/eea450c7/attachment-0001.bin>
