[Samba] Reverse zones fail with secure updates
lingpanda101
lingpanda101 at gmail.com
Tue Nov 22 14:47:08 UTC 2016
On 11/22/2016 3:43 AM, L.P.H. van Belle via samba wrote:
> Sorry your missing a screen dump..
>
> This part,
>> And is it ticked "Use this connections dns suffix in dns registration"
>> (In dhcp option 81.)
> Found in windows, network interface, TCP settings, tab DNS, in the bottem.
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
>> via samba
>> Verzonden: dinsdag 22 november 2016 9:38
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Reverse zones fail with secure updates
>>
>> Hai James,
>>
>> What is the connection's DNS suffix of the pc?
>> And did you setup TLS in you samba?
>>
>>
>> Look here, in the advanded tcp settings of the pc. ( or ipconfig /all )
>>
>> And is it ticked "Use this connections dns suffix in dns registration"
>> (In dhcp option 81.)
>>
>> Or use Group policy editors.
>> - Computer Configuration\Administrative Templates\Network\DNS Client
>> -Connection Specific DNS Suffix: enabled, and set to your.domain.tld
>> -Register DNS records with connection-specific DNS suffix: enabled
>> -Register PTR Records: enabled
>> -Dynamic Update: enabled
>>
>> Or use static ips, then A and PTR are registered by the computer.
>>
>> Key is to remember, Windows uses the connection-specific DNS suffix to
>> register DNS records.
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens lingpanda101
>> via
>>> samba
>>> Verzonden: maandag 21 november 2016 21:14
>>> Aan: samba at lists.samba.org
>>> Onderwerp: [Samba] Reverse zones fail with secure updates
>>>
>>> Hello,
>>>
>>> I'm using Samba 4.5.1 as a ADDC and the internal DNS. If I use
>>> 'allow dns updates = secure' in my smb.conf. Only A records update. The
>>> applicable reverse zone fails to update. If I switch to using non secure
>>> updates both the A and the PTR records are updated. Is someone else able
>>> to confirm this behavior? Thanks.
>>>
>>>
>>> --
>>> - James
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
I'll point out what I have set in my smb.conf
samba-tool testparm -v | grep tls
ldap ssl = start tls
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = ca_and_name
--
- James
More information about the samba
mailing list