[Samba] Question regarding creation of dns.keytab for joined Samba4 server

Andreas Oster aoster at novanetwork.de
Sat Jan 14 07:57:43 MST 2012


Andreas Oster <aoster <at> novanetwork.de> writes:

> 
> Hello all,
> 
> I have migrated an old Win2k Active Directory to a Samba4 only
> domain. Because the provision step has not been used I now do
> not have the dns.keytab file for secure dynamic DNS updates
> with bind9. I have found a useful link here:
> 
> http://us.generation-nt.com/answer/samba-dns-keytab-samba4-bind9-help-203936221.html
> 
> but I am not sure if this is the right way to manually create
> the missing AD entries and dns.keytab file.
> 
> One thing I am worried about is that I do have two samba servers.
> What does the ldif file need to look like to allow both servers to
> update DNS entries?
> 
> dn: CN=dns-smbserver,CN=Users,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> description: DNS Service Account for smbserver
> userAccountControl: 512
> accountExpires: 9223372036854775807
> sAMAccountName: dns-smbserver
> servicePrincipalName: DNS/smbserver1.example.com     ????
> servicePrincipalName: DNS/smbserver2.example.com     ????
> servicePrincipalName: DNS/example.com
> clearTextPassword:: base64encodedpassword
> 
> What should the named.conf entry look like?
> 
> tkey-gssapi-credential "DNS/smbserver1.example.com";
> tkey-domain "EXAMPLE.COM";
> 
> but what about smbserver2?
> 
> Thank you for your kind help
> 
> best regards
> 
> Andreas
> 

Hello all,

I have found some information in a previous post by Andrew Bartlett. There
he pointed out that only one samba server can send DNS updates to bind9.

But what happens if the first server is not functional?

best regards

Andreas



