В сообщении от 29 июля 2010 09:08:29 автор Alexander R. Fahrutdinov написал: > В сообщении от 28 июля 2010 18:10:29 автор k.maksimov написал: > > Alexander R. Fahrutdinov wrote: > > > В сообщении от 28 июля 2010 10:15:25 автор k.maksimov написал: > > >> Anton wrote: > > >>> On 28 July 2010 01:45, k.maksimov <[email protected]> wrote: > > >>>> I have two networks: 192.168.1.0 with netmask 255.255.255.0 and > > >>>> 172.16.0.0 with netmask 255.255.254.0, when I join in domain in > > >>>> first network hostname registered successfully, but in second > > >>>> network: > > >>>> > > >>>> sudo net ads join -U admin > > >>>> Enter admin's password: > > >>>> Using short domain name -- BUTB > > >>>> Joined 'TH-2-011' to realm 'butb.by' > > >>>> DNS update failed! > > >>> > > >>> As far as I can tell (I'm not entirely certain though) this is an > > >>> Active Directory / Windows Server configuration issue around > > >>> loosening permissions enough for the DHCP service to update the DNS > > >>> records. > > >>> > > >>> I don't know exactly what settings need to be configured though, as I > > >>> didn't manage to get it working either. In the end I decided to keep > > >>> the standard security and just use static IPs and DNS records for > > >>> winbind machines. > > >> > > >> I'm use static IP and I haven't DHCP. and this problem not an AD: > > >> Windows machines successfully update DNS. > > >> > > >> also I have ~200 machines and I can't add every DNS record manually. > > It seems, secure DNS update has broken in samba. I tried to use different > versions of samba (3.2.4, 3.4.4, 3.5.4, etc), but always got an error > during DNS update, in spite of "wbinfo -t" and "net ads info" commands > output was OK. > > Secure DNS update via nss-update script has sucssefully completed, but it > requires a domain admin creditionals. > Guys from http://rc.quest.com/topics/ddns/old.php create a patch for nss- > update and GSSAPI library to use machine account instead admin one, but I > don't try this. > > So, I don't promise to disable the secure DNS update, because it decrease > AD security. > > Perghaps, somebody tell us, what we doing wrong?
Earlier I tested DNS update on samba package included in Debian Etch, Lenny and testing Debian branch. Now I download CentOS distribution and try to update DNS via "net ads dns register -P" command. I'm surprised when command reports "Successfully registered hostname with DNS" with samba 3.0.33 and 3.5.4 versions. So, it isn't samba problem, but problem of specific distribution. And what's your distribution? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
