В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал: > Alexander R. Fahrutdinov wrote: > > В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал: > >> Anton wrote: > >>> On 28 July 2010 01:45, k.maksimov <[email protected]> wrote: > >>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and > >>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in first > >>>> network hostname registered successfully, but in second network: > >>>> > >>>> sudo net ads join -U admin > >>>> Enter admin's password: > >>>> Using short domain name -- BUTB > >>>> Joined 'TH-2-011' to realm 'butb.by' > >>>> DNS update failed! > >>> > >>> As far as I can tell (I'm not entirely certain though) this is an > >>> Active Directory / Windows Server configuration issue around loosening > >>> permissions enough for the DHCP service to update the DNS records. > >>> > >>> I don't know exactly what settings need to be configured though, as I > >>> didn't manage to get it working either. In the end I decided to keep > >>> the standard security and just use static IPs and DNS records for > >>> winbind machines. > >> > >> I'm use static IP and I haven't DHCP. and this problem not an AD: > >> Windows machines successfully update DNS. > >> > >> also I have ~200 machines and I can't add every DNS record manually. > >
It seems, secure DNS update has broken in samba. I tried to use different versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got an error during DNS update, in spite of "wbinfo -t" and "net ads info" commands output was OK. Secure DNS update via nss-update script has sucssefully completed, but it requires a domain admin creditionals. Guys from http://rc.quest.com/topics/ddns/old.php create a patch for nss- update and GSSAPI library to use machine account instead admin one, but I don't try this. So, I don't promise to disable the secure DNS update, because it decrease AD security. Perghaps, somebody tell us, what we doing wrong? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
