[Samba] Reverse DNS, Kerberos, and Samba4 as a DC

[Michael Wood]

On 15 September 2010 20:39, Alex Waite <awaite at mcw.edu> wrote:
> Hey everyone,
>    I'm one of those crazy people willing to try setting up Samba4 alpha in a
> small production environment as a DC.  I've followed the Samba4 HowTo (which
> is excellent by the way) and have a domain setup and functioning in a test
> environment.
>    My production network, however, is not quite as nice as my test network.
>  I have convinced IT (I work for a group of research labs, independent of
> the main IT group here) to delegate control of my department's subdomain to
> a DNS server I control.  However, rDNS has turned out to be a real sticking
> point.  Subnets are setup geographically here and I cannot have an entire
> subnet assigned to my department.  I've brought up using Classless
> in-addr.arpa. delegation (RFC 2317) or setting up our own VLAN, but movement
> has been slow on these options.
>    I've continued researching and it seems that it may be possible to setup
> Kerberos without rDNS.  I'm having a difficult time finding hard information
> on this, so I wanted to ask the Samba community what they know about this,
> and if it's possible configure Kerberos sans-rDNS to function correctly in a
> Samba4 driven domain.
>    Thank you to everyone for their hard work on this project, and for taking
> the time to write such good documentation.  It really is quite helpful.

I'm not sure reverse DNS is actually important for Kerberos to work.
The samba4 provision script does not even set up reverse DNS.

I've Cc'ed samba-technical for a better chance at an authoritative answer.

-- 
Michael Wood <esiotrot at gmail.com>