[Samba] How to handle secure AD dynamic DNS registrations?

Chan Min Wai dcmwai at gmail.com
Sat Sep 6 22:01:40 MDT 2014


I think you have the right timing...

Someone just ask.

see here: http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-
dynamic-dns-updates-against-secure-microsoft-dns/




On Sat, Sep 6, 2014 at 5:34 AM, Keith Jones <K.E.Jones at brighton.ac.uk>
wrote:

> Hi,
>
>  My apologies for the newbie question/dumb-question-of-the-day but when
> searching the archives I couldn't see the wood for the trees :-/
>
>  Are there any good walkthroughs/RTFMs out there for troubleshooting
> getting samba to register DNS entries to an AD controller that requires
> secure updates?
>
>  I have a CentOS 6 server that seems to be set up correctly. Initially it
> worked fine, but then the AD controllers expired the DNS entries. As samba
> doesn't seem to natively refresh the registrations I ended up adding a
> simple cron job that ran "net ads dns register -P" on a daily basis. It
> worked for a while but that job is now failing. with "ERROR_DNS_GSS_ERROR"
> which starts implying that Kerberos tickets or machine account passwords
> are broken. I'm not sure if they need to be refreshed in a similar way or
> whether I should tinker with the samba config.
>
>  A good guide that explains what I need to have setup to cover the
> convoluted AD needs for secure updates would be very welcome!
>
> Regards and thanks in advance for any help.
>
> Keith
>
>
> ___________________________________________________________
> This email has been scanned by MessageLabs' Email Security
> System on behalf of the University of Brighton.
> For more information see http://www.brighton.ac.uk/is/spam/
> ___________________________________________________________
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list