[Samba] Site-specific DNS (was: several offices: home dirs, local resources, ...)

Kris Lou klou at themusiclink.net
Tue Nov 22 17:55:30 UTC 2022

> (I tried to hack DNS for this, with unbound, - it turned out their
> local-data override does not provide CNAMEs; when I asked about
> this, they told me to use AD-provided functionality for this, - which
> I'm trying to implement, so far unsuccessfully).

Unbound should be able to functionally do this with local-data overrides,
though I may not have the proper syntax for it.  (I use it on pfSense, with
only a few "custom options" specified to override a target's A record.
Perhaps this is the difference in syntax, and why they do not provide true
CNAMEs).  DNSMasq will do it as well, and is super easy to configure, but
much less capable.

> I mean, site1 already has FS name registered. I also want site2 to register
> this name (in their location). But this fails, when adding
> ServicePrincipalName due to unique constraint.  Without adding an SPN for
> "fs", the member server fails to authenticate:

I've never inspected client tickets when doing this.  I always considered
"\\<shortname>" and "\\<cname>" would be the same, eventually resolving to
"\\<ip-address>".  Doing a bit of further reading, MS clients would (used
to?) default to NTLM when mounting SMB shares via IP address.

But I think the problem is that "fs" is probably already a registered SPN
(and a Computer record) in your directory?  Is that the correct hostname?
I have unique hostnames, but "fs" (or "shares" in my case) is already and
_only_ a CNAME, with no SPNs created.  Apparently, MS doesn't use SPNs for
CNAMEs, but does require a registration for the A record behind it.

Kris Lou
klou at themusiclink.net
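
An added example, not from this thread: a small checker that models the two points in the reply above, that the SPN has to exist for the host behind the CNAME and that AD enforces uniqueness of SPNs. The zone, the hostnames under example.com, the computer accounts and the case-insensitive SPN comparison are all constructed assumptions for the example.

```python
from collections import defaultdict

# Constructed sample zone (name -> (type, rdata)); hosts and addresses are made up.
ZONE = {
    "fs.example.com.": ("CNAME", "srv1.site1.example.com."),
    "srv1.site1.example.com.": ("A", "10.1.0.10"),
    "shares.example.com.": ("CNAME", "srv2.site2.example.com."),
    "srv2.site2.example.com.": ("A", "10.2.0.10"),
}
# Constructed SPN inventory: computer account -> SPNs registered on it.
SPNS = {
    "SRV1$": ["cifs/srv1.site1.example.com", "HOST/srv1.site1.example.com"],
    "SRV2$": ["cifs/srv2.site2.example.com", "HOST/srv2.site2.example.com"],
}

def resolve_canonical(zone, name, max_hops=8):
    """Follow CNAMEs until an A record; return (canonical name, ip) or raise."""
    seen = []
    while name not in seen and len(seen) < max_hops:
        seen.append(name)
        rtype, rdata = zone.get(name, (None, None))
        if rtype == "A":
            return name, rdata
        if rtype != "CNAME":
            raise LookupError(f"no A/CNAME record for {name}")
        name = rdata
    raise LookupError(f"CNAME loop or chain too long starting at {seen[0]}")

def spn_owners(spns):
    """Invert the inventory: SPN -> owning accounts (assumed case-insensitive)."""
    owners = defaultdict(list)
    for account, lst in spns.items():
        for spn in lst:
            owners[spn.lower()].append(account)
    return owners

def check_alias(zone, spns, alias):
    """Report whether the host behind a CNAME alias holds the cifs SPN it needs."""
    canonical, ip = resolve_canonical(zone, alias)
    required = "cifs/" + canonical.rstrip(".")
    owners = spn_owners(spns).get(required.lower(), [])
    return {"alias": alias, "canonical": canonical, "ip": ip,
            "required_spn": required, "registered": len(owners) == 1, "owners": owners}

def duplicate_spns(spns):
    """SPNs claimed by more than one account; the directory rejects such a second registration."""
    return {s: a for s, a in spn_owners(spns).items() if len(a) > 1}
```

Calling check_alias(ZONE, SPNS, "fs.example.com.") reports the canonical host, the SPN that host must carry, and whether exactly one account holds it; duplicate_spns() shows what a second registration of the same SPN would collide with.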


More information about the samba mailing list