[Samba] Question regarding creation of dns.keytab for joined Samba4 server

Andreas Oster aoster at novanetwork.de
Sat Jan 14 07:57:43 MST 2012

Andreas Oster <aoster <at> novanetwork.de> writes:

> Hello all,
> I have migrated an old Win2k Active Directory to a Samba4-only domain. Because the provision step has not been used, I now do not have the dns.keytab file for secure dynamic DNS updates with bind9. I have found a useful link
> http://us.generation-nt.com/answer/
> but I am not sure if this is the right way to manually create the missing AD entries and dns.keytab.
> One thing I am worried about is that I do have two samba servers. How does the ldif file need to look to allow both servers to update DNS entries?
> dn: CN=dns-
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> description: DNS Service Account for 
> userAccountControl: 512
> accountExpires: 9223372036854775807
> sAMAccountName: dns-smbserver
> servicePrincipalName: DNS/smbserver1.example.com     ????
> servicePrincipalName: DNS/smbserver2.example.com     ????
> servicePrincipalName: DNS/
> clearTextPassword:: 
> What should the named.conf entry look like?
> tkey-gssapi-credential "DNS/
> tkey-domain "EXAMPLE.COM";
> but what about smbserver2?
> Thank you for your kind help
> best regards
> Andreas

Hello all,

I have found some information in a previous post by Andrew Bartlett. There he pointed out that only one samba server can send DNS updates to bind9.

But what happens if the first server is not functional?

best regards
