[Samba] samba4 internal dns Server ddns for the reverse lookup Zone

L.P.H. van Belle belle at bazuin.nl
Fri Aug 22 04:39:58 MDT 2014


this is what needs to be done..

#	FOR USE WITH BIND9_DLZ and dynamic updates
#	It should be noted that using this method will affect functionality of windows clients, 
#	as they will still attempt to update DNS on their own and will be denied permission 
#	to do so as the record will be owned by the dhcp user.
#
#	you'll need a Windows PC with the RSAT tools installed. 
#	Simply create a dedicated GPO with the Group Policy Editor, 
#	apply only to OUs that contain workstations 
#	(so that servers can still update using 'ipconfig /registerdns') 
#	and configure the following settings:
###
#	Computer Configuration
#	  Policies
#	    Administrative Templates
#	      Network
#	        DNS Client
#	          Dynamic Update = Disabled
#	          Register PTR Records = Disabled

Greetz, 

Louis


>-----Original message-----
>From: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org] On behalf of steve
>Sent: Friday 22 August 2014 12:13
>To: samba at lists.samba.org
>Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zone
>
>On Fri, 2014-08-22 at 09:47 +0100, Rowland Penny wrote:
>> On 22/08/14 09:30, steve wrote:
>> > On Fri, 2014-08-22 at 09:54 +0200, Markus Roth wrote:
>> >> Hi Steve,
>> >>   
>> >> oh no :-) Since you gave me the tip for sssd, I use it. The
>> >> interesting thing is that since I have sssd my server1 is also doing
>> >> ddns updates. Before sssd it didn't. And the ddns update from my
>> >> server1 is without any denied messages (server1 has the static IP
>> >> 192.168.178.130). My client1 windows7 brings first the denied message
>> >> with a static ip and then it's doing the updates. And at this point I
>> >> thought you said my configs are ok, or the best I can get with static
>> >> IPs :-)
>> >>
>> >> So I started to implement dhcp for my further tests before I go to
>> >> productive use. So now I have the problem with dhcp: I get the exit
>> >> 256 message and then the denied message from my client1 again. It
>> >> seems that my client is doing the ddns updates instead of the script
>> >> in the dhcp-config. :-) But I don't know why. I think the exit 256
>> >> message is the problem. My dhcpd-user has rw rights on the sh-script
>> >> and recursive on /etc/dhcp and now the sh-script is under
>> >> /usr/local/sbin as Rowland said.
>> >> In the dyndns.log from the sh-script it says every time that no
>> >> dhcp-user exists and that the script would generate one.
>> >>   
>> > Hi Markus,
>> > As we see it, you use either Rowland's dhcp direct-inject-on-dc script
>> > and turn off ddns on your clients or you use sssd on Linux and allow the
>> > Windows clients to send their own ddns requests. If the latter, you
>> > disable ddns updates if you run sssd on the DC.
>> > @Rowland Is this what we are talking about here?
>> > Cheers and sorry about the confusion,
>> 
>> You're confused, I think just about everybody is confused here ;-)
>> 
>> And yes, you can only use one, either get sssd to update the forward and
>> reverse zones OR use the setup I use. You cannot use both.
>> 
>> Rowland
>
>Perfect. OK then. So the OP needs to:
>1. Decide which way to go. AND TELL US! Let's assume he goes with
>Rowland's dhcp-ddns script on the DC. So,
>2. Disable ddns. Is this it?
>http://support.microsoft.com/kb/816592
>3. Disable ddns updates from sssd on the DC and the Linux clients in
>sssd.conf:
>dyndns_update=false
>HTH
>Steve
>
>
>> 
>> > Steve
>> >
>> >>   
>> >>
>> >> Sent: Friday, 22 August 2014 at 01:01
>> >> From: steve <steve at steve-ss.com>
>> >> To: samba at lists.samba.org
>> >> Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zone
>> >> On Fri, 2014-08-22 at 00:19 +0200, Markus Roth wrote:
>> >>
>> >>> Yes I'm running sssd.conf with the dns update:
>> >>>
>> >>> [sssd]
>> >>> services = nss, pam
>> >>> config_file_version = 2
>> >>> domains = winnet.local
>> >>> [nss]
>> >>> [pam]
>> >>> [domain/winnet.local]
>> >>> id_provider = ad
>> >>> auth_provider = ad
>> >>> access_provider = ad
>> >>> ldap_id_mapping = False
>> >>> dyndns_update = True
>> >>>
>> >>> my /etc/krb5.keytab was generated with the --principal server1$
>> >>>
>> >> I'm confused then. I thought you'd given up with sssd...
>> >>
>> >>
>> >> --
>> >> To unsubscribe from this list go to the following URL and read the
>> >> instructions: https://lists.samba.org/mailman/options/samba
>> >
>> 
>
>
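An added example, not part of the thread or of any poster's setup: a small check for step 3 above that lists the sssd domains which would still send their own DDNS updates. It relies on the sssd-ad(5) default that `dyndns_update` is enabled when the AD provider is used and the option is unset; the sample text is constructed from the sssd.conf quoted in the thread, and the `lab.example` domain and the function name are hypothetical.

```python
import configparser

# Constructed sample: the sssd.conf quoted in the thread plus a second,
# hypothetical domain (lab.example) that leaves dyndns_update unset.
SAMPLE = """\
[sssd]
services = nss, pam
config_file_version = 2
domains = winnet.local, lab.example
[nss]
[pam]
[domain/winnet.local]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
dyndns_update = True
[domain/lab.example]
id_provider = ad
"""


def ddns_senders(conf_text):
    """Return {domain: reason} for each domain where sssd would send DDNS updates."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    found = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [nss], [pam] carry no dyndns settings
        name = section.split("/", 1)[1]
        opts = cp[section]
        value = opts.get("dyndns_update")
        if value is not None:
            if value.strip().lower() == "true":
                found[name] = "dyndns_update explicitly enabled"
        elif opts.get("id_provider", "").strip().lower() == "ad":
            # Per sssd-ad(5), the AD provider enables dyndns_update by default,
            # so a missing option still means the host updates DNS itself.
            found[name] = "dyndns_update unset, AD provider default is enabled"
    return found


if __name__ == "__main__":
    for domain, reason in ddns_senders(SAMPLE).items():
        print(f"{domain}: {reason}")
```

Run against the real file by passing the contents of /etc/sssd/sssd.conf to `ddns_senders`; an empty result means no sssd domain will compete with the DHCP script for the records.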


