[Samba] missing dns records? _ldaps._tcp ?

Harry Jede walk2sun at arcor.de
Sat Aug 27 13:32:32 UTC 2016


On 15:14:06 wrote Rowland Penny via samba:
> On Thu, 25 Aug 2016 10:22:36 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> > Ok thank you guys for your input.
> > 
> > So we need to add something here:
> > 
> > cat /var/lib/samba/private/dns_update_list | grep ldap
> > 
> > ${IF_RWDC}SRV         _ldap._tcp.${DNSDOMAIN}                               ${HOSTNAME} 389
> > ${IF_RWDC}SRV         _ldap._tcp.dc._msdcs.${DNSDOMAIN}                     ${HOSTNAME} 389
> > ${IF_RWDC}SRV         _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST}  ${HOSTNAME} 389
> > ${IF_DC}SRV           _ldap._tcp.${SITE}._sites.${DNSDOMAIN}                ${HOSTNAME} 389
> > ${IF_DC}SRV           _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}      ${HOSTNAME} 389
> > ${IF_PDC}SRV          _ldap._tcp.pdc._msdcs.${DNSDOMAIN}                    ${HOSTNAME} 389
> > ${IF_RWGC}SRV         _ldap._tcp.gc._msdcs.${DNSFOREST}                     ${HOSTNAME} 3268
> > ${IF_GC}SRV           _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST}      ${HOSTNAME} 3268
> > ${IF_RWDNS_DOMAIN}SRV _ldap._tcp.DomainDnsZones.${DNSDOMAIN}                ${HOSTNAME} 389
> > ${IF_DNS_DOMAIN}SRV   _ldap._tcp.${SITE}._sites.DomainDnsZones.${DNSDOMAIN} ${HOSTNAME} 389
> > ${IF_RWDNS_FOREST}SRV _ldap._tcp.ForestDnsZones.${DNSFOREST}                ${HOSTNAME} 389
> > ${IF_DNS_FOREST}SRV   _ldap._tcp.${SITE}._sites.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 389
> > 
> > I've added the SRV records now as follows, and my squid groups now
> > respond better :-) great.
> > 
> > Use these commands, handy for others..
> > 
> > samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc1.dns_zone 636 0 100'
> > 
> > samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc2.dns_zone 636 0 100'
> > 
> > Now I do believe that this needs to be there by default in the samba
> > installs, if ssl/tls is enabled by default.
> > 
> > Greetz,
> > 
> > Louis
> > 
> > > -----Original message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via samba
> > > Sent: Wednesday 24 August 2016 18:10
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] missing dns records? _ldaps._tcp ?
> > > 
> > > On Wed, 24 Aug 2016 11:56:06 -0400
> > > lingpanda101--- via samba <samba at lists.samba.org> wrote:
> > > > I know you asked recently but I do have them from a long ago
> > > > provisioned DC as reference.
> > > 
> > > If you have them, I think you may be the only one who does ;-)
> > > 
> > > A bit of searching doesn't turn up anything about _ldaps records,
> > > just _ldap.
> > > 
> > > Rowland
> > > 
> > 
> >  
> 
> No, I think you need to fix squid or at the very least, ask squid
> where they got _ldaps from, because it doesn't seem to exist on any
> AD DC.
Google search:
site:technet.microsoft.com ldaps

and you will find:
http://social.technet.microsoft.com/wiki/contents/articles/2979.event-id-1220-ldap-over-ssl-ldaps.aspx

"If you install the AD CS role and specify the Setup Type as Enterprise
 on a domain controller, all domain controllers in the forest will be
 configured automatically to accept LDAP over SSL."


> 
> Rowland


-- 

Regards
	Harry Jede
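
An added example, not part of the original messages or of Samba's own code: it parses entries in the dns_update_list layout quoted above and reports which service labels have SRV templates and on which ports, so a missing label such as _ldaps shows up explicitly. The function names and the one-entry-per-line layout are assumptions; the sample lines are constructed from the entries quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: four entries in the dns_update_list layout quoted in the
# thread (condition-prefixed record type, owner name, target, port).
SAMPLE = """\
${IF_RWDC}SRV _ldap._tcp.${DNSDOMAIN}                          ${HOSTNAME} 389
${IF_PDC}SRV  _ldap._tcp.pdc._msdcs.${DNSDOMAIN}               ${HOSTNAME} 389
${IF_RWGC}SRV _ldap._tcp.gc._msdcs.${DNSFOREST}                ${HOSTNAME} 3268
${IF_GC}SRV   _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268
"""

# One SRV template per line: ${IF_xxx}SRV <owner name> <target> <port>
ENTRY = re.compile(
    r"^\$\{(?P<cond>IF_\w+)\}SRV\s+(?P<name>\S+)\s+(?P<target>\S+)\s+(?P<port>\d+)$"
)


def srv_services(text):
    """Map each service label (_ldap, _ldaps, ...) to the ports templated for it."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, comments and non-SRV entries are ignored
        service = m.group("name").split(".", 1)[0]  # first label of the owner name
        found[service].add(int(m.group("port")))
    return dict(found)


def missing_services(text, wanted):
    """Return the wanted service labels that have no SRV template in the text."""
    have = srv_services(text)
    return sorted(s for s in wanted if s not in have)


if __name__ == "__main__":
    print(srv_services(SAMPLE))
    print(missing_services(SAMPLE, ["_ldap", "_ldaps"]))
```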

