[Samba] samba4 internal dns Server ddns for the reverse lookup Zone

Rowland Penny rowlandpenny at googlemail.com
Fri Aug 22 07:39:20 MDT 2014 

On 22/08/14 14:34, Markus Roth wrote:
> Hi everybody,
>
> first thanks a lot for all the help. Sorry that all are a little bit confused for me :-( ok, i don't know that i have to decide if i should use sssd ddns or the script from rowland. i thought i Need both. So i decide to take rowlands Skript now. So i would do the following steps for the next test:
>
> 1. Create the GPO from van Belle below
> 2. Set dyndns_update = false in the sssd.conf
> 3. check the correct permissions of dhcp sh script
> 4. Restart named, sssd, samba4, dhcpd
> 5. Restart client1 and analyse the /var/log/message protocoll
>   

Sounds a good plan to me ;-)

Rowland



>
> Gesendet: Freitag, 22. August 2014 um 12:39 Uhr
> Von: "L.P.H. van Belle" <belle at bazuin.nl>
> An: "samba at lists.samba.org" <samba at lists.samba.org>
> Betreff: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zone
> this is what needs to be done..
>
> # FOR USE WITH BIND9_DLZ and dynamic updates
> # It should be noted that using this method will affect functionality of windows clients,
> # as they will still attempt to update DNS on their own and will be denied permission
> # to do so as the record will be owned by the dhcp user.
> #
> # you'll need a Windows PC with the RSAT tools installed.
> # Simply create a dedicated GPO with the Group Policy Editor,
> # apply only to OUs that contain workstations
> # (so that servers can still update using 'ipconfig /registerdns')
> # and configure the following settings:
> ###
> # Computer Configuration
> # Policies
> # Administrative Templates
> # Network
> # DNS Client
> # Dynamic Update = Disabled
> # Register PTR Records = Disabled
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org]
>> Namens steve
>> Verzonden: vrijdag 22 augustus 2014 12:13
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] samba4 internal dns Server ddns for the
>> reverse lookup Zone
>>
>> On Fri, 2014-08-22 at 09:47 +0100, Rowland Penny wrote:
>>> On 22/08/14 09:30, steve wrote:
>>>> On Fri, 2014-08-22 at 09:54 +0200, Markus Roth wrote:
>>>>> Hi Steve,
>>>>>
>>>>> oh no :-) Sicne you gave me the tip for sssd, i use it.
>> The interessting thing is that since i have sssd my server1 is
>> also doing ddns updates. Before sssd it didn't. And the ddns
>> update from my server1 is without any denied messages (server1
>> has the static IP 192.168.178.130). My client1 windows7 brings
>> first the denied message with a static ip and then it's doing
>> the updates. And at this point i thougt you said my configs
>> are ok, or the best i can get with static IPs :-)
>>>>> So i started to implement dhcp for my further tests
>> before i go to productive use. So now i have the problem with
>> dhcp i get the exit 256 message and than the denied message
> >from my client1 again. It seems that my client is doing the
>> ddns updates instead the script in the dhcp-config. :-) But i
>> don't know why. I think the exit 256 message is the problem.
>> My dhcpd-user has rw rights on the sh-script and recursive on
>> /etc/dhcp and now the sh-script is under /usr/local/sbin as
>> rowland said.
>>>>> In the dyndns.log from the sh-script it says every time
>> that no dhcp-user exists and that the script would generate one.
>>>> Hi Markus,
>>>> As we see it, you use either Rowland's dhcp
>> direct-inject-on-dc script
>>>> and turn off ddns on your clients or you use sssd on Linux
>> and allow the
>>>> window clients to send their own ddns requests. If the latter, you
>>>> disable ddns updates if you run sssd on the DC.
>>>> @Rowland Is this what we are taking about here?
>>>> Cheers and sorry about the confusion,
>>> Your confused, I think just about everybody is confused here ;-)
>>>
>>> And yes, you can only use one, either get sssd to update the
>> forward and
>>> reverse zones OR use the setup I use. You cannot use both.
>>>
>>> Rowland
>> Perfect. OK then. So the OP needs to:
>> 1. Decide which way to go. AND TELL US! Let's assume he goes with
>> Rowland's dhcp-ddns script on the DC. So,
>> 2. Disable ddns. Is this it?
>> http://support.microsoft.com/kb/816592
>> 3. Disable ddns updates from sssd on the DC and the Linux cleints in
>> sssd.conf:
>> dyndns_update=false
>> HTH
>> Steve
>>
>>
>>>> Steve
>>>>
>>>>>
>>>>> Gesendet: Freitag, 22. August 2014 um 01:01 Uhr
>>>>> Von: steve <steve at steve-ss.com>
>>>>> An: samba at lists.samba.org
>>>>> Betreff: Re: [Samba] samba4 internal dns Server ddns for
>> the reverse lookup Zone
>>>>> On Fri, 2014-08-22 at 00:19 +0200, Markus Roth wrote:
>>>>>
>>>>>> Yes I'm running sssd.conf with the dns update:
>>>>>>
>>>>>> [sssd]
>>>>>> services = nss, pam
>>>>>> config_file_version = 2
>>>>>> domains = winnet.local
>>>>>> [nss]
>>>>>> [pam]
>>>>>> [domain/winnet.local]
>>>>>> id_provider = ad
>>>>>> auth_provider = ad
>>>>>> access_provider = ad
>>>>>> ldap_id_mapping = False
>>>>>> dyndns_update = True
>>>>>>
>>>>>> my /etc/krb5.keytab was generatet with the --principal server1$
>>>>>>
>>>>> I'm confused then. I thought you'd given up with sssd...
>>>>>
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba]
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba]
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba[https://lists.samba.org/mailman/options/samba]

More information about the samba mailing list