Aw: Re: Re: samba4 and bind9 - dynamic udpdates not working anymore
Rowland Penny
repenny241155 at gmail.com
Sat Dec 27 08:11:12 MST 2014
On 27/12/14 14:57, support at remsnet.de wrote:
> Karl,
>
> may you have us the output of named-sdb -V please .
>
> @ Roland ,
>
> From one of my RPI as well intel based samba ads with dlz :
>
> #### BIND DLZ-DNS ####
> dns forwarder = <eth ip>
> allow dns updates = nonsecure and secure
> nsupdate command = /usr/bin/nsupdate -g
>
> -g switch been nessary
> .... BIND’s nsupdate tool supports Microsoft’s Kerberos authentication scheme when using the -g flag
>
> Without you get an denied with spnego dns updates on Bind-DLZ on older bind9.x
> this are not required for internal dns uppon the samba docs.
>
>
> named.conf i.e what i used here :
>
> options {
>
> allow-transfer { localhost; 10.0.0.0/24; };
> allow-query { localhost; 10.0.0.0/24; };
> allow-recursion { localhost; 10.0.0.0/24; };
>
> recursion yes;
>
> dnssec-enable no;
> dnssec-validation no;
> dnssec-lookaside auto;
>
> tkey-domain "<REALM>";
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>
> }
>
>
>
>
> @ Rowland probably we shuold add some hints at https://wiki.samba.org/index.php/DNS/ToDo/shared_key_tsig
There we go, yet another wikipage that pops up out of nowhere, I will
look into it, after all, I have using samba4, dhcp and bind9 since
before samba 4.0 was released (in one form or another)
>
> as you and louis solved that allready a while ago .. see i.e https://secure.bazuin.nl/scripts/ ..
Louis's scripts are based on a setup I was using, since then I have
reverted back to just one script with everything in it.
Rowland
>
> --
> Mit freundlichen Grüßen / Best Regards
>
> Horst Venzke ; PGP NET : 1024G/082F2E6D ; http://www.remsnet.de
>
> Legal Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.
>
>
>
>
More information about the samba-technical
mailing list