allow dns updates on samba4
Carlos Miguel Bustillo Rdguez
cbustillo at uclv.edu.cu
Sat Feb 1 09:49:52 MST 2014
Hi Stefan:
> Yes, the secure dns updates use kerberos and need synchronized clocks.
>
> Have a look at https://wiki.samba.org/index.php/Configure_NTP.
My problem was associated with time sync. My clients are able to login,
but sometimes the time sync not occur when join the workstation to domain.
When I sync time manually the dynamic dns updates are successful.
Dynamic dns updates work correctly in both backends (internal dns and
bind_dlz). Actually I am using bind_dlz backend. Sometime PTR record
don't added when join a workstation to my domain.
I following the steps in https://wiki.samba.org/index.php/Configure_NTP,
but I have a doubt in section "Permissions, SELinux Labeling and Policy"
is necessary to do the steps described in Debian?? I don't use SELinux.
Regards, Carlos
On 01/28/2014 02:59 AM, Stefan (metze) Metzmacher wrote:
> Hi Carlos,
>
>>> I'm a bit confused here. What DNS backend are you using? As far as I can
>>> tell, the "allow dns updates" directive in smb.conf is only used by the
>>> internal dns. Yet, in the other thread you mentioned you were using BIND
>>> 9.8.4.
>> I forgot to mention the initially I was using bind_dlz backend, then I
>> change to internal dns backend. As you say the "allow dns updates"
>> directive in smb.conf in only used by the internal dns.
>>
>>> With the internal DNS, as long as the appropriate subnet is created in
>>> AD, clients should be able to make updates to that subnet. If this is
>>> your scenario and it's not working, please let me know.
>> I create the subnet in AD, using "Active Directory Sites and Services"
>> in a workstations with Remote Server Administration Tools. I made the
>> test with internal dns and bind_dlz backend, but dynamic dns updates
>> don't work. The only way that it works is setting "allow dns updates =
>> nonsecure" in smb.conf when I using internal dns backend.
>>
>> While the clients are in the same subnet of Samba DC, there is no problems.
>>
>> Is possible if the clock between DC and client are not synchronized, the
>> dynamic dns updates don't work?
> Yes, the secure dns updates use kerberos and need synchronized clocks.
>
> Have a look at https://wiki.samba.org/index.php/Configure_NTP.
>
> metze
>
> La Universidad Central "Marta Abreu" de Las Villas en su 60 Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en: http://www.uclv.edu.cu
> Participe en Universidad 2014, del 10 al 14 de febrero de 2014. Habana. Cuba. http://www.congresouniversidad.cu/
>
>
> .
>
La Universidad Central "Marta Abreu" de Las Villas en su 60 Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en: http://www.uclv.edu.cu
Participe en Universidad 2014, del 10 al 14 de febrero de 2014. Habana. Cuba. http://www.congresouniversidad.cu/
More information about the samba-technical
mailing list