[Samba] Question regarding creation of dns.keytab for joined Samba4 server
Andreas Oster
aoster at novanetwork.de
Sat Jan 14 04:12:19 MST 2012
Hello all,
I have migrated an old Win2k Active Directory to a Samba4 only
domain. Because the provision step has not been used I now do
not have the dns.keytab file for secure dynamic DNS updates
with bind9. I have found a useful link here:
http://us.generation-nt.com/answer/samba-dns-keytab-samba4-bind9-help-203936221.html
but I am not sure if this is the right way to manually create
the missing AD entries and dns.keytab file.
One thing I am worried about is, that I do have two samba servers.
How does the ldif file need to look like to allow both servers to
update DNS entries ?
dn: CN=dns-smbserver,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
description: DNS Service Account for smbserver
userAccountControl: 512
accountExpires: 9223372036854775807
sAMAccountName: dns-smbserver
servicePrincipalName: DNS/smbserver1.example.com ????
servicePrincipalName: DNS/smbserver2.example.com ????
servicePrincipalName: DNS/example.com
clearTextPassword:: base64encodedpassword
What should the named.conf entry look like ?
tkey-gssapi-credential "DNS/smbserver1.example.com";
tkey-domain "EXAMPLE.COM";
but what about smbserver2 ?
Thank you for your kind help
best regards
Andreas
More information about the samba
mailing list