[Samba] Question regarding creation of dns.keytab for joined Samba4 server

January 14th, 2012 - 06:20 am ET by Andreas Oster | Report spam
Hello all,

I have migrated an old Win2k Active Directory to a Samba4-only
domain. Because the provision step was not used, I now do
not have the dns.keytab file for secure dynamic DNS updates
with bind9. I have found a useful link here:

http://us.generation-nt.com/answer/samba-dns-keytab-samba4-bind9-help-203936221.html

but I am not sure if this is the right way to manually create
the missing AD entries and dns.keytab file.

One thing I am worried about is that I do have two samba servers.
What does the ldif file need to look like to allow both servers to
update DNS entries?

dn: CN=dns-smbserver,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
description: DNS Service Account for smbserver
userAccountControl: 512
accountExpires: 9223372036854775807
sAMAccountName: dns-smbserver
servicePrincipalName: DNS/smbserver1.example.com ????
servicePrincipalName: DNS/smbserver2.example.com ????
servicePrincipalName: DNS/example.com
clearTextPassword:: base64encodedpassword

What should the named.conf entry look like?

tkey-gssapi-credential "DNS/smbserver1.example.com";
tkey-domain "EXAMPLE.COM";

But what about smbserver2?

Thank you for your kind help

best regards

Andreas



To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
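As an added example (not from the original post and not Samba or BIND project code), here is a small generator for the two pieces the post is asking about: the LDIF for the dns service account and the named.conf fragment. Two facts drive its shape. First, Samba's password_hash module reads clearTextPassword as UTF-16LE, and the LDIF "::" form carries that byte string base64-encoded, so the value must be built that way rather than from the raw UTF-8 password. Second, tkey-gssapi-credential is the Kerberos identity that named itself presents when negotiating GSS-TSIG keys, so it is fixed per BIND host; which Samba servers may then send updates is decided by update-policy, which is where the second server goes. The host names (ns1, dc1, dc2), the realm, the keytab path and the grant lines are assumptions for illustration; tkey-gssapi-keytab needs BIND 9.8 or later (older releases take the keytab from KRB5_KTNAME), and ms-self is not supported by every BIND version.

```python
"""Generate the AD service-account LDIF whose key goes into named's keytab,
and the named.conf fragment that lets BIND9 accept GSS-TSIG updates from
more than one Samba4 DC.

Added example for this thread; not Samba or BIND project code. Host names,
realm, keytab path and the update-policy grants are illustrative assumptions.
"""
import base64
import re
import stat
from typing import List

# Assumption: lower-case DNS labels; used only to sanity-check SPN host names.
_FQDN_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$")


def encode_cleartext_password(password: str) -> str:
    """Samba's password_hash module takes clearTextPassword as UTF-16LE;
    the LDIF 'attr::' form carries that byte string base64-encoded."""
    return base64.b64encode(password.encode("utf-16-le")).decode("ascii")


def dns_account_ldif(bind_host: str, dns_domain: str, base_dn: str,
                     password: str) -> str:
    """LDIF for dns-<host>, the account named authenticates as.

    The SPNs belong to the BIND host (DNS/<fqdn> plus DNS/<domain>). One
    account per BIND server; the Samba DCs that send updates are
    authorised in update-policy, not by extra SPNs on this account.
    """
    if not _FQDN_RE.match(bind_host) or not bind_host.endswith("." + dns_domain):
        raise ValueError("%r is not an FQDN inside %r" % (bind_host, dns_domain))
    short = bind_host.split(".", 1)[0]
    lines = [
        "dn: CN=dns-%s,CN=Users,%s" % (short, base_dn),
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: user",
        "description: DNS Service Account for %s" % short,
        "userAccountControl: 512",
        "accountExpires: 9223372036854775807",
        "sAMAccountName: dns-%s" % short,
        "servicePrincipalName: DNS/%s" % bind_host,
        "servicePrincipalName: DNS/%s" % dns_domain,
        "clearTextPassword:: %s" % encode_cleartext_password(password),
    ]
    return "\n".join(lines) + "\n"


def named_gss_tsig_config(bind_host: str, realm: str, dns_domain: str,
                          dc_hosts: List[str], keytab: str) -> str:
    """named.conf fragment: one server credential (named's own identity,
    fixed per BIND host) and an update-policy granting each DC's machine
    account. A second DC gets a second grant line, not a second credential.
    tkey-gssapi-keytab needs BIND 9.8+; older releases read KRB5_KTNAME."""
    grants = "".join(
        # Assumption: machine account name is the upper-case NetBIOS name + '$'.
        "        grant %s$@%s wildcard * A AAAA SRV CNAME;\n"
        % (dc.split(".", 1)[0].upper(), realm)
        for dc in dc_hosts
    )
    return (
        "options {\n"
        '    tkey-gssapi-credential "DNS/%s@%s";\n'
        '    tkey-domain "%s";\n'
        '    tkey-gssapi-keytab "%s";\n'
        "};\n\n"
        'zone "%s." IN {\n'
        "    type master;\n"
        '    file "%s.zone";\n'
        "    update-policy {\n"
        "        grant %s ms-self * A AAAA;\n"
        "%s"
        "    };\n"
        "};\n"
    ) % (bind_host, realm, realm, keytab, dns_domain, dns_domain, realm, grants)


def keytab_mode_ok(mode: int, owner_uid: int, named_uid: int) -> bool:
    """The keytab is a long-lived credential equivalent to the account's
    password: owned by the user named runs as, readable by nobody else."""
    return owner_uid == named_uid and (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


if __name__ == "__main__":
    # Constructed sample inputs; nothing here touches a real directory.
    print(dns_account_ldif("ns1.example.com", "example.com",
                           "DC=example,DC=com", "secret"))
    print(named_gss_tsig_config("ns1.example.com", "EXAMPLE.COM", "example.com",
                                ["dc1.example.com", "dc2.example.com"],
                                "/usr/local/samba/private/dns.keytab"))
    print("keytab 0600 owned by named:", keytab_mode_ok(0o600, 25, 25))
```

Applying it follows the same route as the linked thread: load the LDIF with ldbadd against sam.ldb, export the key with samba-tool domain exportkeytab (giving --principal=DNS/ns1.example.com, or the DNS/example.com SPN, since both sit on the same account and share its key), point named at that keytab, and test from each DC with nsupdate -g. The path /usr/local/samba/private is the Samba4 default prefix of that time and is an assumption here. Because the keytab holds the account's long-term key, anyone who can read it can impersonate named's DNS identity; keep it at mode 0600 for the named user, and remember that sharing one account between two hosts means a compromise of either exposes the same key.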

Replies

#1 Andreas Oster
January 14th, 2012 - 10:00 am ET | Report spam
Andreas Oster <aoster <at> novanetwork.de> writes:

> One thing I am worried about is that I do have two samba servers.
> What does the ldif file need to look like to allow both servers to
> update DNS entries?
> [...]
> But what about smbserver2?

Hello all,

I have found some information in a
previous post by Andrew Bartlett. There
he pointed out that only one samba
server can send DNS updates to bind9.

But what happens if the first server is not
functional?

best regards

Andreas

