Default DNS server for Samba 4.0

Andrew Bartlett abartlet at
Thu Sep 6 15:52:27 MDT 2012

On Thu, 2012-09-06 at 14:53 +0200, Kai Blin wrote:
> On 2012-09-06 13:16, Andrew Bartlett wrote:
> Oh, btw,
> > We should walk before we run:  Get the feature finished, get the
> > automated tests written, make it available and ask that people test it.
> > Test it with the various windows combinations that we need.  Get it into
> > the SerNet appliance.  
> One thing that makes testing really hard at the moment is that we add a
> BIND-specific dns user that windows doesn't have, which makes clients
> get the wrong kerberos ticket for sigend DNS updates for the internal
> server. If this is fixed, I'm pretty convinced the update code should
> already be run in the s3member test environment.
> Unfortunately, the provision code adding this user never checks for the
> DNS backend, and is in fact hidden way below any layer that knows about
> the dns backend. I'm open to suggestions on how we can fix this in a way
> that makes it easy for people to switch between the implementations. At
> the moment, it's rather hard.

Indeed.  What I'm thinking is that given we are a DC, we can confirm if
the dns-server account exists (look up the SPN in the samdb), and then
use that account in the way that dlz_bind9 does.  That way, folks can
switch without removing accounts from the directory.  

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list