[Samba] Active Directory 'add machine script' parameter

Quentin Gibeaux qgibeaux at iris-tech.fr
Mon Jun 23 07:56:38 MDT 2014 

On 23/06/2014 15:20, Rowland Penny wrote:
> On 23/06/14 14:02, Quentin Gibeaux wrote:
>> On 23/06/2014 14:22, Rowland Penny wrote:
>>> On 23/06/14 13:05, Quentin Gibeaux wrote:
>>>> On 23/06/2014 12:27, Rowland Penny wrote:
>>>>> Just what else are you likely to what to do after adding a machine 
>>>>> account? 
>>>> Adding hostname/ip in some list that is used by my interface to 
>>>> manage static dhcp leases and accesses. This interface doesn't 
>>>> manage only machines that are added to the domain, that's why it's 
>>>> not listing by requesting ldap.
>>>
>>> Are you wanting/trying to add machines dns details to AD DNS for 
>>> machines that are not joined to the domain ??
>>> If so, I cannot recommend doing this, the only machines that should 
>>> be in AD, are machines joined to the domain
>> No, that's not what i meant. I'm not trying to include my stuff to 
>> AD, but connecting AD to my stuff.
>
> Er, but no, I think that you will find that you have to do it the 
> other way round, connect your stuff to AD
>
>> I'll try to keep AD clean with AD machines, but on my own interface 
>> i've both AD machines and not. 
>
> Just what do you mean by 'my own interface' ?? are you referring to 
> your dns domain or something else.
>
I've a frontend web interface that manage hosts (name, ip, in domain or 
not, and so on). I can add/remove/edit them. It then runs in backend 
what needs to be run (joining domain, changing dhcp lease, and so on). 
The adding of a machine to the domain through this interface still 
require to join the domain on the host (for password matters), but the 
computer exists on AD.

What i was doing on S3, and am trying to still do with S4 is to feed my 
configuration when adding a machine to the domain through windows' 
interface : when added, it adds the machine to my general hosts' list 
(AD and not in AD), automatically create a static DHCP lease, add dns 
entry (not necessary now, i think), and so on.

So two ways to add a machine to the domain : through my web frontend, 
and through Samba. Both had the same effect on the server and the web 
interface because of 'add machine script' call.

>> I think i'll stay with my own bind with bind_dlz backend : is that 
>> still not recommended to have DNS entries that aren't referenced as 
>> AD hosts ?
>
> If you want to use samba4 with bind9 and dhcp, I can help you there, 
> but you still shouldn't have machines in the AD dns zone that are not 
> joined to the AD, the recommended way is to put your AD in a sub-zone 
> of your domain i.e. if your dns domain is 'example.com', use 
> 'samba.example.com' for your AD domain.
>
>>
>>
>> But the main point was the DHCP leases, i used 'add machine script' 
>> to update my dhcpd server's configuration to add lease for this new 
>> host.
>> It was great because it was automatic, due to the fact that samba was 
>> calling the script after adding machine to the domain, but if there's 
>> no such trigger anymore, i'll find something else.
>
> You can use the 'net' command to join a machine to AD, this should add 
> your machine to the AD forward zone, or there is msktutil or realmd 
> available, neither of which I have tried, but both have their fans, so 
> could be worth trying.
>
> Rowland
>
>>
>>
>>>>
>>>> So in fact, what i was doing was calling my script with %I (ip 
>>>> address) and %u (user, but here hostname) to work with my backend.
>>>
>>> If on the other hand, you are not doing what I think you are doing, 
>>> you could try scripting around 'samba-tool dns', see 'samba-tool dns 
>>> --help' for more info.
>>>
>> I'll take a look at it, but the main problem is to launch it 
>> automatically.
>>> Rowland
>>>
>>>
>> Quentin Gibeaux
>>
>

More information about the samba mailing list