Aw: Re: Re: samba4 and bind9 - dynamic udpdates not working anymore
support at remsnet.de
support at remsnet.de
Sat Dec 27 07:57:59 MST 2014
Karl,
may you have us the output of named-sdb -V please .
@ Roland ,
>From one of my RPI as well intel based samba ads with dlz :
#### BIND DLZ-DNS ####
dns forwarder = <eth ip>
allow dns updates = nonsecure and secure
nsupdate command = /usr/bin/nsupdate -g
-g switch been nessary
.... BIND’s nsupdate tool supports Microsoft’s Kerberos authentication scheme when using the -g flag
Without you get an denied with spnego dns updates on Bind-DLZ on older bind9.x
this are not required for internal dns uppon the samba docs.
named.conf i.e what i used here :
options {
allow-transfer { localhost; 10.0.0.0/24; };
allow-query { localhost; 10.0.0.0/24; };
allow-recursion { localhost; 10.0.0.0/24; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
tkey-domain "<REALM>";
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
}
@ Rowland probably we shuold add some hints at https://wiki.samba.org/index.php/DNS/ToDo/shared_key_tsig
as you and louis solved that allready a while ago .. see i.e https://secure.bazuin.nl/scripts/ ..
--
Mit freundlichen Grüßen / Best Regards
Horst Venzke ; PGP NET : 1024G/082F2E6D ; http://www.remsnet.de
Legal Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: addressbook.vcf
Type: text/x-vcard
Size: 929 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141227/ad1821f9/attachment.vcf>
More information about the samba-technical
mailing list