[Samba] Join AD fails DNS update
L.P.H. van Belle
belle at bazuin.nl
Wed Jun 25 01:47:25 MDT 2014
...
for kerberos to work you need to have a A and PTR record aka good working dns setup.
but if you only need kerberos for auth on a server, and you dont want to do a domain join.
This is a good example to look in to, which i can tell works very good.
https://community.zarafa.com/pg/blog/read/18332/zarafa-outlook-amp-webaccess-sso-with-samba4
Louis
>-----Oorspronkelijk bericht-----
>Van: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org]
>Namens steve
>Verzonden: dinsdag 24 juni 2014 20:34
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Join AD fails DNS update
>
>On Tue, 2014-06-24 at 20:07 +0200, Lars Hanke wrote:
>> > The ONLY way we can get it to register upon domain join is:
>> >
>> > /etc/hosts
>> > 127.0.0.1 fqdn hostname localhost
>> >
>> > And /etc/hostname
>> > fqdn
>> >
>> > 1. net ads leave -UAdministrator
>> > 2. remove the A record on the DC
>> > 3. net ads join -UAdministrator
>>
>> Left the domain, changed /etc/hosts and /etc/hostname,
>couldn't remove
>> any A record (see other post), joined again => same situation.
>>
>> However, after leaving the dn:
>> CN=samba4,CN=Computers,DC=ad,DC=microsult,DC=de in sam.ldb
>was gone on
>> the AD DC. After joining a new one appeared. So the join
>seems to work.
>>
>> Regards,
>> - lars.
>
>Hi lars
>Is there a pressing reason to have the Samba box registered in DNS? It
>is very difficult to do and is not necessary unless you are running any
>kerberized service on it. For an AD client or a samba file server all
>you need is a keytab.
>Just a thought. . .
>Steve
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list