[Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)

Nico Kadel-Garcia nkadel at gmail.com
Sun Mar 18 10:29:08 MDT 2012


On Sun, Mar 18, 2012 at 11:19 AM, steve <steve at steve-ss.com> wrote:

> On 17/03/12 18:00, Andreas Oster wrote:
>
>> I want to achieve the following:
>>
>> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd
>> 2) allow Windows machines (joined to AD) to update their own entries
>>
>> 2 - already works with the configuration from samba wiki
>>
>> Thank you for your kind help
>>
>> best regards
>>
>> Andreas
>>
> Hi
> I'm not sure if this is what you mean but we have a LAN of windows and
> linux clients under s4. Both win and Linux clients get their IP via dhcp.
> You can see the Kerberos dialogue reveal the IP when the box first
> connects. It is a different IP after each boot. So, if Linux counts as non
> windows, then yes, it works. We did nothing apart from adding the dlz stuff
> to bind.
> Cheers,
> Steve
>
Unfortunately, this is a problematic configuration for public encryption
key systems, namely HTTPS and SSH servers. In particular, there's nothing
like two SSH servers (namely most Linux systems) migrating to the same IP
address at different times to cause conniptions for the SSH clients who shriek
"AAAHHHH!!! I HAVE MISMATCHED PUBLIC HOSTKEYS FOR THAT ADDRESS AND NO TOOL
EXCEPT YOUR MANUAL TEXT EDITOR TO CLEAR THEM!!! WAILL!!! SH-R-I-E-K-K-K!!!!"

The usual solution to this is to provide DHCP reservations with stable IP
addresses for all available hosts. This is trivial with ISC DHCP, and
requires manual intervention or some very clever scripting with AD-based
DHCP. It's also why it's often handy to put the vaguely stable Linux hosts
in their own VLAN or address range: it makes the DHCP reservation
management easier.
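As an added example that is not part of the thread or of any Samba or ISC code, the script below turns a small host inventory into the ISC dhcpd `host` reservations the reply recommends, with the Linux hosts placed in their own address range. The inventory, hostnames, MAC addresses and the 10.0.20.0/24 range are constructed sample values. Before rendering it rejects the inventories that would defeat the purpose of the reservations: a duplicate MAC (dhcpd would match the first stanza for both machines), a duplicate fixed address (two boxes on one IP, which is exactly the host-key mismatch described above), or an address outside the reserved range.

```python
"""Render ISC dhcpd host reservations from a checked inventory.

Added example, not from the mailing-list thread. All hosts, MACs and the
10.0.20.0/24 range below are constructed sample values.
"""
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

# Constructed sample inventory: (hostname, MAC, fixed address). The Linux
# hosts get their own range, as the reply suggests, so reservations are
# managed separately from the Windows clients' dynamic pool.
LINUX_RANGE = "10.0.20.0/24"
INVENTORY = [
    ("web1", "52:54:00:AA:BB:01", "10.0.20.11"),
    ("db1", "52:54:00:aa:bb:02", "10.0.20.12"),
    ("printer1", "52:54:00:aa:bb:03", "10.0.20.13"),
]


def normalize_mac(mac):
    """Lower-case the MAC, accept '-' separators, reject anything else."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return mac


def check_inventory(inventory, cidr):
    """Return (hostname, mac, ip) tuples that are safe to reserve.

    Raises ValueError on a bad hostname or MAC, an address that is not a
    usable host address inside `cidr`, or a duplicate hostname, MAC or IP.
    """
    net = ipaddress.ip_network(cidr)
    seen_names, seen_macs, seen_ips = set(), set(), set()
    checked = []
    for name, mac, ip in inventory:
        name = name.lower()
        if not HOST_RE.match(name):
            raise ValueError(f"bad hostname: {name!r}")
        mac = normalize_mac(mac)
        addr = ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{ip} is not a usable host address in {cidr}")
        if name in seen_names:
            raise ValueError(f"duplicate hostname {name}")
        if mac in seen_macs:
            raise ValueError(f"duplicate MAC {mac} (host {name})")
        if addr in seen_ips:
            raise ValueError(f"duplicate fixed address {ip} (host {name})")
        seen_names.add(name)
        seen_macs.add(mac)
        seen_ips.add(addr)
        checked.append((name, mac, str(addr)))
    return checked


def render_dhcpd_conf(inventory, cidr):
    """Emit a dhcpd.conf fragment: the subnet with no dynamic 'range'
    (so unknown MACs get no lease there) plus one host stanza per entry."""
    net = ipaddress.ip_network(cidr)
    lines = [
        f"subnet {net.network_address} netmask {net.netmask} {{",
        "    # reservations only: no 'range' statement, nothing dynamic here",
        "}",
        "",
    ]
    for name, mac, ip in check_inventory(inventory, cidr):
        lines += [
            f"host {name} {{",
            f"    hardware ethernet {mac};",
            f"    fixed-address {ip};",
            "}",
            "",
        ]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_dhcpd_conf(INVENTORY, LINUX_RANGE))
```

Run it and paste the output into dhcpd.conf (or `include` it); the `host`, `hardware ethernet` and `fixed-address` directives are standard ISC dhcpd syntax. Because the fragment declares no `range`, the reserved subnet hands out nothing to a MAC that is not in the inventory, which keeps the mapping from hostname to address stable across reboots.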