[Samba] samba4 internal dns Server ddns for the reverse lookup Zone

Markus Roth markusroth1983 at gmx.net
Fri Aug 22 07:34:48 MDT 2014


Hi everybody,

First, thanks a lot for all the help. Sorry that all are a little bit confused for me :-( OK, I didn't know that I have to decide whether I should use sssd ddns or the script from Rowland. I thought I need both. So I decided to take Rowland's script now. So I would do the following steps for the next test:

1. Create the GPO from van Belle below
2. Set dyndns_update = false in the sssd.conf
3. Check the correct permissions of the dhcp sh script
4. Restart named, sssd, samba4, dhcpd
5. Restart client1 and analyse the /var/log/message log


Sent: Friday, 22 August 2014 at 12:39
From: "L.P.H. van Belle" <belle at bazuin.nl>
To: "samba at lists.samba.org" <samba at lists.samba.org>
Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zone
this is what needs to be done..

# FOR USE WITH BIND9_DLZ and dynamic updates
# It should be noted that using this method will affect functionality of windows clients,
# as they will still attempt to update DNS on their own and will be denied permission
# to do so as the record will be owned by the dhcp user.
#
# you'll need a Windows PC with the RSAT tools installed.
# Simply create a dedicated GPO with the Group Policy Editor,
# apply only to OUs that contain workstations
# (so that servers can still update using 'ipconfig /registerdns')
# and configure the following settings:
###
# Computer Configuration
# Policies
# Administrative Templates
# Network
# DNS Client
# Dynamic Update = Disabled
# Register PTR Records = Disabled

Greetz,

Louis


>-----Original message-----
>From: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org]
>On behalf of steve
>Sent: Friday 22 August 2014 12:13
>To: samba at lists.samba.org
>Subject: Re: [Samba] samba4 internal dns Server ddns for the
>reverse lookup Zone
>
>On Fri, 2014-08-22 at 09:47 +0100, Rowland Penny wrote:
>> On 22/08/14 09:30, steve wrote:
>> > On Fri, 2014-08-22 at 09:54 +0200, Markus Roth wrote:
>> >> Hi Steve,
>> >>
>> >> Oh no :-) Since you gave me the tip for sssd, I use it.
>The interesting thing is that since I have sssd my server1 is
>also doing ddns updates. Before sssd it didn't. And the ddns
>update from my server1 is without any denied messages (server1
>has the static IP 192.168.178.130). My client1 windows7 brings
>first the denied message with a static ip and then it's doing
>the updates. And at this point I thought you said my configs
>are ok, or the best I can get with static IPs :-)
>> >>
>> >> So I started to implement dhcp for my further tests
>before I go to productive use. So now I have the problem with
>dhcp I get the exit 256 message and then the denied message
>from my client1 again. It seems that my client is doing the
>ddns updates instead of the script in the dhcp-config. :-) But I
>don't know why. I think the exit 256 message is the problem.
>My dhcpd-user has rw rights on the sh-script and recursive on
>/etc/dhcp and now the sh-script is under /usr/local/sbin as
>Rowland said.
>> >> In the dyndns.log from the sh-script it says every time
>that no dhcp-user exists and that the script would generate one.
>> >>
>> > Hi Markus,
>> > As we see it, you use either Rowland's dhcp
>direct-inject-on-dc script
>> > and turn off ddns on your clients or you use sssd on Linux
>and allow the
>> > window clients to send their own ddns requests. If the latter, you
>> > disable ddns updates if you run sssd on the DC.
>> > @Rowland Is this what we are talking about here?
>> > Cheers and sorry about the confusion,
>>
>> You're confused, I think just about everybody is confused here ;-)
>>
>> And yes, you can only use one, either get sssd to update the
>forward and
>> reverse zones OR use the setup I use. You cannot use both.
>>
>> Rowland
>
>Perfect. OK then. So the OP needs to:
>1. Decide which way to go. AND TELL US! Let's assume he goes with
>Rowland's dhcp-ddns script on the DC. So,
>2. Disable ddns. Is this it?
>http://support.microsoft.com/kb/816592
>3. Disable ddns updates from sssd on the DC and the Linux clients in
>sssd.conf:
>dyndns_update=false
>HTH
>Steve
>
>
>>
>> > Steve
>> >
>> >>
>> >>
>> >> Sent: Friday, 22 August 2014 at 01:01
>> >> From: steve <steve at steve-ss.com>
>> >> To: samba at lists.samba.org
>> >> Subject: Re: [Samba] samba4 internal dns Server ddns for
>the reverse lookup Zone
>> >> On Fri, 2014-08-22 at 00:19 +0200, Markus Roth wrote:
>> >>
>> >>> Yes I'm running sssd.conf with the dns update:
>> >>>
>> >>> [sssd]
>> >>> services = nss, pam
>> >>> config_file_version = 2
>> >>> domains = winnet.local
>> >>> [nss]
>> >>> [pam]
>> >>> [domain/winnet.local]
>> >>> id_provider = ad
>> >>> auth_provider = ad
>> >>> access_provider = ad
>> >>> ldap_id_mapping = False
>> >>> dyndns_update = True
>> >>>
>> >>> my /etc/krb5.keytab was generated with the --principal server1$
>> >>>
>> >> I'm confused then. I thought you'd given up with sssd...
>> >>
>> >>
>> >> --
>> >> To unsubscribe from this list go to the following URL and read the
>> >> instructions: https://lists.samba.org/mailman/options/samba
>> >
>>
>
>
>
>


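Added example, not part of the original thread: a check for step 2 of the plan above, listing every active SSSD domain that would still send its own DDNS updates and so compete with the DHCP script for record ownership. The second domain `lab.example` is a hypothetical addition to the quoted sssd.conf; it shows that leaving `dyndns_update` unset is not the same as disabling it, assuming the provider defaults documented in sssd-ad(5) and sssd-ipa(5).

```python
import configparser

# Constructed sample: the sssd.conf quoted in the thread plus a hypothetical
# second domain (lab.example) that does not set dyndns_update at all.
SAMPLE_SSSD_CONF = """\
[sssd]
services = nss, pam
config_file_version = 2
domains = winnet.local, lab.example
[nss]
[pam]
[domain/winnet.local]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
dyndns_update = True
[domain/lab.example]
id_provider = ad
"""

# Assumption (from sssd-ad(5) / sssd-ipa(5)): the ad provider enables
# dyndns_update by default, the ipa provider does not.
PROVIDER_DEFAULT = {"ad": True, "ipa": False}


def domains_still_updating(conf_text):
    """Return {domain: reason} for active domains where SSSD would send DDNS updates."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    # Only domains listed in [sssd] "domains" are activated by SSSD.
    listed = cp.get("sssd", "domains", fallback="")
    active = {d.strip() for d in listed.split(",") if d.strip()}
    findings = {}
    for section in cp.sections():
        name = section[len("domain/"):] if section.startswith("domain/") else None
        if name is None or name not in active:
            continue
        provider = cp.get(section, "id_provider", fallback="").strip().lower()
        if cp.has_option(section, "dyndns_update"):
            if cp.getboolean(section, "dyndns_update"):
                findings[name] = "explicitly enabled"
        elif PROVIDER_DEFAULT.get(provider, False):
            findings[name] = "unset; %s provider default is enabled" % provider
    return findings


if __name__ == "__main__":
    for domain, reason in domains_still_updating(SAMPLE_SSSD_CONF).items():
        print("%s: dyndns_update %s" % (domain, reason))
```

To audit a real host, pass the contents of its sssd.conf to `domains_still_updating()`; an empty result means only the DHCP script is left updating DNS on behalf of that machine.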
