[Samba] pfSense DHCP integration with Samba AD DDNS

gabben gabbenx at gmail.com
Thu Jun 20 13:53:09 UTC 2019



> On Jun 20, 2019, at 5:37 AM, Adam Weremczuk via samba <samba at lists.samba.org> wrote:
> 
> That's helpful.
> About half of our DHCP clients are Unixes.
> Maybe I'll find a way to make pfSense perform a Kerberos handshake with Samba for the sake of updating DNS.
> If not, I'll just install isc-dhcp-server on the Debian container running Samba AD.

I run pfSense too, and we don’t use the DHCP server on pfSense for several reasons. One of which you’ve identified, and the other is that the LAN interface becomes a traffic choke point if you’re running multiple subnets within your LAN (usually not an issue for very small businesses with a single LAN subnet). pfSense DHCP server also isn’t intended to service DHCP requests from multiple subnets delivered by the ip-helper function of a Cisco/HP/etc. switch. Even if you find a way to get pfSense to use Kerberos for DDNS updates into AD, you’ll run into these other mentioned problems quickly too. It’s generally not a good architecture for anything but the smallest business.

I’d advise that you stick with isc-dhcp-server in a pair/partner configuration on each of two DCs that you run per site/building/etc.



> 
> 
> On 20/06/19 13:25, Rowland penny via samba wrote:
>> The problem is that Windows machines can update their own records in AD, but you need a separate user to update other users. This leads to the obvious question: do you have any Unix clients, or are they all Windows clients? You only need an update script if you have any Unix DHCP clients.
>> 
>> The only way that I could get it to work is shown in the script I pointed you to, by using Kerberos.
>> 
>> Rowland
>> 
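The Kerberos-authenticated update discussed in this thread for Unix DHCP clients, as an added example that is not part of the thread and is not the script Rowland refers to. It assumes a hypothetical service account `ddns-updater@EXAMPLE.TEST` with a keytab and rights to update the zone, and a DHCP server hook that calls the script as `add|delete HOST DOMAIN IP`; the client-supplied hostname is validated before it reaches `nsupdate -g` (GSS-TSIG).

```shell
#!/bin/sh
# Added example: DHCP lease hook that updates Samba AD DNS over GSS-TSIG.
# Assumed values (not from the thread): account, realm, keytab path, TTL.
KEYTAB="${KEYTAB:-/etc/dhcp/ddns-updater.keytab}"
PRINCIPAL="${PRINCIPAL:-ddns-updater@EXAMPLE.TEST}"
TTL="${TTL:-3600}"

# Client-supplied name: one DNS label only, so no spaces/newlines reach nsupdate.
valid_host() {
    case "$1" in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4 with four octets in 0-255.
valid_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# 10.0.0.5 -> 5.0.0.10.in-addr.arpa (call only after valid_ip)
ptr_name() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%s.%s.%s.%s.in-addr.arpa' "$4" "$3" "$2" "$1"
}

# build_update add|delete HOST DOMAIN IP -> nsupdate batch on stdout
build_update() {
    action=$1; host=$2; domain=$3; ip=$4   # DOMAIN comes from server config
    case "$action" in add|delete) ;; *) return 2 ;; esac
    valid_host "$host" && valid_ip "$ip" || return 2
    fqdn="$host.$domain"; ptr=$(ptr_name "$ip")
    printf 'update delete %s A\n' "$fqdn"
    [ "$action" = add ] && printf 'update add %s %s A %s\n' "$fqdn" "$TTL" "$ip"
    printf 'send\nupdate delete %s PTR\n' "$ptr"
    [ "$action" = add ] && printf 'update add %s %s PTR %s.\n' "$ptr" "$TTL" "$fqdn"
    printf 'send\n'
}
# Hook entry point: script add|delete HOST DOMAIN IP
if [ "$#" -eq 4 ]; then
    batch=$(build_update "$@") || exit 2
    cc=$(mktemp) && trap 'rm -f "$cc"' EXIT   # private ticket cache
    export KRB5CCNAME="FILE:$cc"
    kinit -k -t "$KEYTAB" "$PRINCIPAL" || exit 1
    printf '%s\n' "$batch" | nsupdate -g
fi
```

Keep the keytab readable only by the account the DHCP server runs as, since it is equivalent to that principal's password.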
