[Samba] DHCP dynamic updates by non-root dhcp user
Rowland Penny
rpenny at samba.org
Wed Dec 13 08:12:43 UTC 2023
On Wed, 13 Dec 2023 08:39:28 +0100
"Pluess, Tobias via samba" <samba at lists.samba.org> wrote:
> Good day
>
> I have sort of a similar question. I also wanted to set up dynamic DNS
> updates.
> And I found that the command
>
> net ads dns register -P
>
> updates the computer's DNS account, and to do that, it needs neither
> Kerberos nor something else, but instead uses the machine account to
> authenticate itself to AD.
Er, what do you think the machine account uses?
Could it be Kerberos?????
>
> It does not, however, update the PTR record, unfortunately.
That's why you need the script.
>
> I experimented a bit with this and found that it worked on my Samba
> DC even with secure DNS updates only, so if this is really true I
> propose to add a hook script for the DHCP client that is called
> whenever the DHCP lease expires, and will automatically update the
> DNS. I was even thinking about adding this command to crontab and
> calling it every hour.
>
> I have not yet tested this with an unprivileged account, though, but I
> cannot understand why this shouldn't work, as it uses the computer
> account to authenticate. So if it really works with
>
> net ads dns register -P
>
> why should someone even bother with complicated scripts? Just let each
> client do its own DNS update, as the Windows clients do?
Because Linux clients cannot update all their records, unlike Windows
clients, which can. Also, the script first started back in about 2014.
If there is a better way of getting Unix clients to update their own
records, then I am very willing to listen.
>
> The really awesome stuff would be if it even worked for the PTR
> record too.
Care to write the required code?
Rowland