[Samba] sernet documentation

L.P.H. van Belle belle at bazuin.nl
Fri Aug 28 06:57:42 UTC 2015

>-----Original message-----
>From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Mark Foley
>Sent: Thursday 27 August 2015 17:14
>To: samba at lists.samba.org
>Subject: Re: [Samba] sernet documentation
>Thanks for the info,

just a suggestion.. 
by example. 

>make head-or-tails of it. Not convinced samba-tool would work on
>non-Samba-builtin DNS. I'm not really a DNS guru and I don't really
>know what it means to "freeze the zone first". Stopping Samba and
>bind first is rather simple.

ok, normally if you update your dns zone, without stopping bind, you "freeze" the zone.
this makes sure your "journal" file and zone file keep in sync. ( if you use dynamic updates ) 

but other example, 

you stop samba. ( your authorisation layer is gone, nobody can login.. ) 
you edited "faulty" in your dns, errors can happen, we are human.. :-/ 
start samba,.. won't start.. stress.. .. etc. .

so again bind9_dlz, 2 dcs.. multimaster replication.. 
update a running bind, and always authentication available. 

and sure you can do it also with bind9_flat files, but NOT multimaster replication! 
By example.. 
a master/slave setup
Your master dns goes down.. samba DBs get out of sync.. etc. 
really this is not what you want.. 
and things like 
update-policy {grant EXAMPLE.COM krb5-self EXAMPLE.COM A AAAA;};  
DON'T work ! I tried it, about a year ago.. 
even with a recompiled version of bind and samba where I added the grant in 

and why not.. 
look in the file named : named.conf.update  in the samba/private folder
There is an update-policy there, which you can not edit.. 

But, sure give it a try, and learn from it... 
I did... 
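
An added example, not part of the original message and not Samba or SerNet code: one way to script the freeze / edit / thaw cycle mentioned above for a dynamically updated flat-file zone, rolling back a faulty edit so the running named keeps its last good data. It assumes BIND's stock `rndc` and `named-checkzone`; the function name `safe_zone_edit` and the `RNDC` / `CHECKZONE` override variables are hypothetical, and it does not apply to bind9_dlz zones, which live in Samba's database rather than in a zone file.

```shell
#!/bin/sh
# Added example: edit a dynamic BIND zone file without stopping named.
# RNDC / CHECKZONE are hypothetical override hooks; defaults are the BIND tools.
RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}

# safe_zone_edit ZONE ZONEFILE EDIT_COMMAND [ARGS...]
# EDIT_COMMAND is run with ZONEFILE appended as its last argument.
# The edit itself is expected to raise the SOA serial.
# Returns 0 on success, 1 freeze/backup failed, 2 edit failed,
# 3 validation failed (edit rolled back), 4 thaw failed.
safe_zone_edit() {
    zone=$1; zonefile=$2; shift 2
    backup="$zonefile.bak.$$"

    # freeze: named syncs the journal into the zone file and
    # refuses dynamic updates until the zone is thawed
    $RNDC freeze "$zone" || return 1
    cp -p "$zonefile" "$backup" || { $RNDC thaw "$zone"; return 1; }

    status=0
    "$@" "$zonefile" || status=2

    # validate the edited file before named is asked to reload it
    if [ "$status" -eq 0 ] && ! $CHECKZONE "$zone" "$zonefile" >/dev/null; then
        status=3
    fi

    # a failed edit or a zone that does not validate is rolled back
    if [ "$status" -ne 0 ]; then
        cp -p "$backup" "$zonefile"
    fi
    rm -f "$backup"

    # thaw in every case: reloads the zone and re-enables dynamic updates
    $RNDC thaw "$zone" || return 4
    return "$status"
}
```

Called as, for instance, `safe_zone_edit example.com /var/named/db.example.com "${EDITOR:-vi}"` (zone name and path are placeholders).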


