[Samba] Samba clients to windows AD server - DDNS problem

Rowland penny rpenny at samba.org
Thu May 12 10:45:57 UTC 2016


On 12/05/16 10:25, AJ Venter wrote:
> Hi,
> Our team has spent several days trying to resolve this and digging through hundreds of documentation pages. There is an overwhelming amount of documentation for building AD servers with Samba, which makes finding relevant documentation for our situation a case of finding a needle in a haystack (when the needle is made of hay). So I'm hoping the users on this list can help with our problem. This company was a pure Windows shop a few years ago; in the intervening time Linux has become a key component running many servers. Until recently we used a custom home-grown tool to query the AD server using LDAP, identify which users were allowed to log in on a machine, create their accounts and install their public keys.
>
> We are now trying to migrate to a setup where we directly authenticate with AD using SAMBA and PAM. The authentication setup is working fine, but requires the machines to be added to the domain, which we also did. Once this is done the preferred way to manage DNS is to use the AD server for this as well, using dynamic DNS entries so that machines once decommissioned get cleaned up automatically. This is where things go wrong. The original net ads join command correctly creates the dynamic DNS entries but these entries are never updated - so they end up being deleted once the records expire. Despite days of searching we cannot seem to work out how these updates are meant to happen. With Windows clients they are done automatically but on Linux it seems nothing is triggering this.
>
> The majority of our Linux systems are Ubuntu Server 14.04 LTS with a small number of OEL7 systems mixed in (due to an upstream provider of a critical application which cannot run on any other distribution).
>
> Could somebody please provide some insight into how to fix the DDNS update to be automated? Can this be done? A link to the appropriate manual would be perfectly fine - we may simply not know what search term we should have been using.
>
> Regards
> A.J. Venter
> ---
> "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan.
>

How are your Linux clients getting their IP addresses?

If it is from a Linux DHCP server, then have a look here:

http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/

Rowland


