Hello all,

I have migrated an old Win2k Active Directory to a Samba4-only domain. Because the provision step has not been used, I now do not have the dns.keytab file for secure dynamic DNS updates with bind9.

I have found a useful link here:
http://us.generation-nt.com/answer/samba-dns-keytab-samba4-bind9-help-203936221.html
but I am not sure if this is the right way to manually create the missing AD entries and dns.keytab file.

One thing I am worried about is that I do have two Samba servers. What does the LDIF file need to look like to allow both servers to update DNS entries?

dn: CN=dns-smbserver,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
description: DNS Service Account for smbserver
userAccountControl: 512
accountExpires: 9223372036854775807
sAMAccountName: dns-smbserver
servicePrincipalName: DNS/smbserver1.example.com ????
servicePrincipalName: DNS/smbserver2.example.com ????
servicePrincipalName: DNS/example.com
clearTextPassword:: base64encodedpassword

What should the named.conf entry look like?

tkey-gssapi-credential "DNS/smbserver1.example.com";
tkey-domain "EXAMPLE.COM";

but what about smbserver2?

Thank you for your kind help
best regards
Andreas