[Samba] Active Directory 'add machine script' parameter

Rowland Penny rowlandpenny at googlemail.com
Mon Jun 23 07:20:42 MDT 2014

On 23/06/14 14:02, Quentin Gibeaux wrote:
> On 23/06/2014 14:22, Rowland Penny wrote:
>> On 23/06/14 13:05, Quentin Gibeaux wrote:
>>> On 23/06/2014 12:27, Rowland Penny wrote:
>>>> Just what else are you likely to want to do after adding a machine 
>>>> account? 
>>> Adding hostname/ip in some list that is used by my interface to 
>>> manage static dhcp leases and accesses. This interface doesn't 
>>> manage only machines that are added to the domain, that's why it's 
>>> not listing by requesting ldap.
>> Are you wanting/trying to add machines' DNS details to AD DNS for 
>> machines that are not joined to the domain?
>> If so, I cannot recommend doing this; the only machines that should 
>> be in AD are machines joined to the domain.
> No, that's not what i meant. I'm not trying to include my stuff to AD, 
> but connecting AD to my stuff.

Er, but no, I think that you will find that you have to do it the other 
way round, connect your stuff to AD

> I'll try to keep AD clean with AD machines, but on my own interface 
> I've both AD machines and not. 

Just what do you mean by 'my own interface'? Are you referring to your 
DNS domain or something else?

> I think i'll stay with my own bind with bind_dlz backend : is that 
> still not recommended to have DNS entries that aren't referenced as AD 
> hosts ?

If you want to use samba4 with bind9 and dhcp, I can help you there, but 
you still shouldn't have machines in the AD dns zone that are not joined 
to the AD, the recommended way is to put your AD in a sub-zone of your 
domain i.e. if your dns domain is 'example.com', use 'samba.example.com' 
for your AD domain.

> But the main point was the DHCP leases, I used 'add machine script' to 
> update my dhcpd server's configuration to add a lease for this new host.
> It was great because it was automatic, due to the fact that samba was 
> calling the script after adding the machine to the domain, but if there's 
> no such trigger anymore, I'll find something else.

You can use the 'net' command to join a machine to AD, this should add 
your machine to the AD forward zone, or there is msktutil or realmd 
available, neither of which I have tried, but both have their fans, so 
could be worth trying.


>>> So in fact, what i was doing was calling my script with %I (ip 
>>> address) and %u (user, but here hostname) to work with my backend.
>> If on the other hand, you are not doing what I think you are doing, 
>> you could try scripting around 'samba-tool dns', see 'samba-tool dns 
>> --help' for more info.
> I'll take a look at it, but the main problem is to launch it 
> automatically.
>> Rowland
> Quentin Gibeaux
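As an added example, not code from the thread or from the Samba project: a wrapper of the kind Rowland suggests when he says to script around 'samba-tool dns', which also writes the dhcpd static lease Quentin was producing from his 'add machine script'. The point it adds is input validation. In the 'add machine script' setup the %u value is the machine name chosen by the joining client, and %I is whatever address it arrived from, so the hostname, IP and MAC are checked against strict patterns before they reach a config file or a command line, and the samba-tool invocation passes them as separate words rather than through a string. The zone 'samba.example.com', the server name 'dc1', and the variables ZONE, DNS_SERVER, DHCPD_HOSTS, ADMIN_USER and DRY_RUN are assumptions for the example; with DRY_RUN left at its default of 1 the script only prints what it would do.

```shell
#!/bin/sh
# add-host.sh  (illustrative example; not part of Samba or of this thread)
# Register a freshly joined machine in AD DNS via samba-tool and emit an
# ISC dhcpd static lease for it.  Call as:  add-host.sh <hostname> <ipv4> <mac>
# Assumed names: ZONE, DNS_SERVER, DHCPD_HOSTS, ADMIN_USER, DRY_RUN.

ZONE="${ZONE:-samba.example.com}"          # AD domain kept in a sub-zone, as advised above
DNS_SERVER="${DNS_SERVER:-dc1.$ZONE}"      # DC that samba-tool talks to
DHCPD_HOSTS="${DHCPD_HOSTS:-/etc/dhcp/static-hosts.conf}"
ADMIN_USER="${ADMIN_USER:-Administrator}"
DRY_RUN="${DRY_RUN:-1}"                    # 1: print what would be done, change nothing

NL="$(printf '\nx')"; NL="${NL%x}"

# A value containing a newline would let a second line slip past a
# line-oriented grep, so reject it outright before any regex check.
has_newline() { case "$1" in *"$NL"*) return 0 ;; esac; return 1; }

# Short host label only: letters, digits and '-', no dots, no shell metacharacters.
valid_hostname() {
    has_newline "$1" && return 1
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# Dotted-quad IPv4 with each octet in 0-255.
valid_ipv4() {
    has_newline "$1" && return 1
    printf '%s\n' "$1" | grep -Eq \
      '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}

# Colon-separated MAC address, the form dhcpd expects.
valid_mac() {
    has_newline "$1" && return 1
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# dhcpd 'host' stanza for a static lease: name, mac, ip.
dhcpd_host_stanza() {
    printf 'host %s {\n    hardware ethernet %s;\n    fixed-address %s;\n}\n' "$1" "$2" "$3"
}

# register_host <hostname> <ipv4> <mac>
# Returns 2 on a rejected argument, 1 if samba-tool fails, 0 on success.
register_host() {
    name="${1%\$}"   # machine account names end in '$'; the DNS/dhcpd name does not
    ip="$2"
    mac="$3"
    valid_hostname "$name" || { printf 'rejected hostname: %s\n' "$name" >&2; return 2; }
    valid_ipv4 "$ip"       || { printf 'rejected ip: %s\n' "$ip" >&2; return 2; }
    valid_mac "$mac"       || { printf 'rejected mac: %s\n' "$mac" >&2; return 2; }

    stanza="$(dhcpd_host_stanza "$name" "$mac" "$ip")"
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$stanza"
        printf 'samba-tool dns add %s %s %s A %s\n' "$DNS_SERVER" "$ZONE" "$name" "$ip"
        return 0
    fi
    printf '%s\n' "$stanza" >> "$DHCPD_HOSTS"
    # Arguments go to samba-tool as separate words, never through a string that is re-parsed.
    samba-tool dns add "$DNS_SERVER" "$ZONE" "$name" A "$ip" -U "$ADMIN_USER" || return 1
    # Reload dhcpd here (e.g. systemctl reload) once the DNS add has succeeded.
}

# Run as a script: exactly three arguments.  Sourced without arguments: define only.
if [ "$#" -eq 3 ]; then
    register_host "$@"
fi
```

Hooking this up to the join step is left to whatever trigger is available: run it by hand after 'net ads join', or from the provisioning tooling that performs the join. Whatever calls it, the validation keeps a client-chosen name such as "ws01; rm -rf /" from ever reaching dhcpd.conf or the samba-tool command line.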
