Default DNS server for Samba 4.0
Andrew Bartlett
abartlet at samba.org
Thu Sep 6 15:52:27 MDT 2012
On Thu, 2012-09-06 at 14:53 +0200, Kai Blin wrote:
> On 2012-09-06 13:16, Andrew Bartlett wrote:
>
> Oh, btw,
>
> > We should walk before we run: Get the feature finished, get the
> > automated tests written, make it available and ask that people test it.
> > Test it with the various Windows combinations that we need. Get it into
> > the SerNet appliance.
>
> One thing that makes testing really hard at the moment is that we add a
> BIND-specific dns user that Windows doesn't have, which makes clients
> get the wrong Kerberos ticket for signed DNS updates for the internal
> server. If this is fixed, I'm pretty convinced the update code should
> already be run in the s3member test environment.
>
> Unfortunately, the provision code adding this user never checks for the
> DNS backend, and is in fact hidden way below any layer that knows about
> the dns backend. I'm open to suggestions on how we can fix this in a way
> that makes it easy for people to switch between the implementations. At
> the moment, it's rather hard.

Indeed. What I'm thinking is that given we are a DC, we can confirm if
the dns-server account exists (look up the SPN in the samdb), and then
use that account in the way that dlz_bind9 does. That way, folks can
switch without removing accounts from the directory.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org