Aw: Re: Re: Re: samba4 and bind9 - dynamic udpdates not working anymore

support at remsnet.de support at remsnet.de
Sat Dec 27 08:49:06 MST 2014


Well Roland,

>
> There we go, yet another wikipage that pops up out of nowhere, 

That page was was linked  from https://wiki.samba.org/index.php/DNS#Limitations_.2F_Known_issues
After googled searched for "samba signed updates" .

> I will  look into it, after all,

I don´t wanted to brother you mutch , 
just this Item spreding arround outsite samba.org with different ways with to solve it 

-> lets write an more sufficent wiki page for it.

for  samba 3.x ther IS an clean samba.or docu regarding  samba4 + dhcp +bind9
for samba AD 4.x NOT YET as its different way to configure the  dynamic updates for Outside samba software.


> I have using samba4, dhcp and bind9 since 
> before samba 4.0 was released (in one form or another)

me too ... since quite some plenty years ..

>
> 


--
Mit freundlichen Grüßen / Best Regards

Horst Venzke ; PGP NET : 1024G/082F2E6D ;  http://www.remsnet.de

Legal Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.


> Gesendet: Samstag, 27. Dezember 2014 um 16:11 Uhr
> Von: "Rowland Penny" <repenny241155 at gmail.com>
> An: support at remsnet.de
> Cc: samba-technical at lists.samba.org
> Betreff: Re: Aw: Re:  Re: samba4 and bind9 - dynamic udpdates not working anymore
>
> On 27/12/14 14:57, support at remsnet.de wrote:
> > Karl,
> >
> > may you have us the output of named-sdb -V please .
> >
> > @ Roland ,
> >
> >  From one of my  RPI as well intel based  samba ads  with dlz :
> >
> > #### BIND DLZ-DNS ####
> >          dns forwarder = <eth ip>
> >          allow dns updates = nonsecure and secure
> >          nsupdate command =  /usr/bin/nsupdate -g
> >
> > -g switch been nessary
> > .... BIND’s nsupdate tool supports Microsoft’s Kerberos authentication scheme when using the -g flag
> >
> >   Without you get an denied with spnego dns updates  on Bind-DLZ on older bind9.x
> >   this are not required for internal dns uppon the samba docs.
> >
> >
> > named.conf i.e what i used here :
> >
> >   options {
> >          
> >          allow-transfer  { localhost; 10.0.0.0/24; };
> >          allow-query     { localhost; 10.0.0.0/24; };
> >          allow-recursion { localhost; 10.0.0.0/24; };
> >
> >          recursion yes;
> >
> >          dnssec-enable no;
> >          dnssec-validation no;
> >          dnssec-lookaside auto;
> >
> >          tkey-domain "<REALM>";
> >          tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> >
> > }
> >
> >
> >
> >
> > @ Rowland   probably we shuold add some hints at https://wiki.samba.org/index.php/DNS/ToDo/shared_key_tsig
> 
> There we go, yet another wikipage that pops up out of nowhere, I will 
> look into it, after all, I have using samba4, dhcp and bind9 since 
> before samba 4.0 was released (in one form or another)
> 
> >
> > as you and louis  solved that allready a while ago .. see i.e  https://secure.bazuin.nl/scripts/ ..
> 
> Louis's scripts are based on a setup I was using, since then I have 
> reverted back to just one script with everything in it.
> 

sounds nicely :-)

> Rowland
> 
> >
> > --
> > Mit freundlichen Grüßen / Best Regards
> >
> > Horst Venzke ; PGP NET : 1024G/082F2E6D ;  http://www.remsnet.de
> >
> > Legal Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.
> >
> >
> >
> >
> 
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: addressbook.vcf
Type: text/x-vcard
Size: 929 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141227/f6bd43fc/attachment.vcf>


More information about the samba-technical mailing list