[Samba] Question regarding creation of dns.keytab for joined Samba4 server
Andreas Oster
aoster at novanetwork.de
Sat Jan 14 07:57:43 MST 2012
Andreas Oster <aoster <at> novanetwork.de> writes:
>
> Hello all,
>
> I have migrated an old Win2k Active Directory to a Samba4 only
> domain. Because the provision step has not been used I now do
> not have the dns.keytab file for secure dynamic DNS updates
> with bind9. I have found a useful link here:
>
> http://us.generation-nt.com/answer/samba-dns-keytab-samba4-bind9-help-203936221.html
>
> but I am not sure if this is the right way to manually create
> the missing AD entries and dns.keytab file.
>
> One thing I am worried about is that I do have two samba servers.
> What does the ldif file need to look like to allow both servers to
> update DNS entries?
>
> dn: CN=dns-smbserver,CN=Users,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> description: DNS Service Account for smbserver
> userAccountControl: 512
> accountExpires: 9223372036854775807
> sAMAccountName: dns-smbserver
> servicePrincipalName: DNS/smbserver1.example.com ????
> servicePrincipalName: DNS/smbserver2.example.com ????
> servicePrincipalName: DNS/example.com
> clearTextPassword:: base64encodedpassword
>
> What should the named.conf entry look like?
>
> tkey-gssapi-credential "DNS/smbserver1.example.com";
> tkey-domain "EXAMPLE.COM";
>
> but what about smbserver2?
>
> Thank you for your kind help
>
> best regards
>
> Andreas
>
Hello all,

I have found some information in a previous post by Andrew Bartlett. There
he pointed out that only one samba server can send DNS updates to bind9.
But what happens if the first server is not functional?

best regards

Andreas