Secure Dynamic DNS updates using machine account.
abartlet at samba.org
Fri Jun 10 08:06:48 UTC 2016
On Tue, 2016-06-07 at 23:06 +0000, Hemanth Thummala wrote:
> Hi Everyone,
> We have a need to update the DNS (register a new IP or unregister an
> existing IP) using the machine account. Currently the net ads register
> command seems to be working only with Administrator credentials. The -P
> option works only when we set the domain updates to Secure and
> Non-secure, i.e. secure updates are not working using the machine account.
> We have tried considering adding the machine account to DNS update
> proxy security group. But this is still not helping. Adding the
> machine account to “DNSAdmin” group works but we do not want to add
> the account to any administrator groups.
> Has anyone tried using -P option for dns register command with
> minimum set of permissions?
Is the join DNS update happening as administrator? That would then own
the record, and prevent the machine from updating its own record. The
DNS update should be done as the machine. If that is the issue, we may
need to patch Samba in that regard.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba