[Samba] How to handle secure AD dynamic DNS registrations?

Keith Jones K.E.Jones at brighton.ac.uk
Fri Sep 5 15:34:11 MDT 2014


 My apologies for the newbie question/dumb-question-of-the-day but when searching the archives I couldn't see the wood for the trees :-/

 Are there any good walkthroughs/RTFMs out there for troubleshooting getting samba to register DNS entries to an AD controller that requires secure updates?

 I have a CentOS 6 server that seems to be set up correctly. Initially it worked fine, but then the AD controllers expired the DNS entries. As samba doesn't seem to natively refresh the registrations I ended up adding a simple cron job that ran "net ads dns register -P" on a daily basis. It worked for a while but that job is now failing. with "ERROR_DNS_GSS_ERROR" which starts implying that Kerberos tickets or machine account passwords are broken. I'm not sure if they need to be refreshed in a similar way or whether I should tinker with the samba config.

 A good guide that explains what I need to have setup to cover the convoluted AD needs for secure updates would be very welcome!

Regards and thanks in advance for any help.


This email has been scanned by MessageLabs' Email Security
System on behalf of the University of Brighton.
For more information see http://www.brighton.ac.uk/is/spam/

More information about the samba mailing list