Andreas Oster <aoster <at> novanetwork.de> writes:

>
> Hello all,
>
> I have migrated an old Win2k Active Directory to a Samba4-only
> domain. Because the provision step has not been used, I now do
> not have the dns.keytab file for secure dynamic DNS updates
> with bind9. I have found a useful link here:
>
> http://us.generation-nt.com/answer/samba-dns-keytab-samba4-bind9-help-203936221.html
>
> but I am not sure if this is the right way to manually create
> the missing AD entries and dns.keytab file.
>
> One thing I am worried about is that I have two Samba servers.
> What does the LDIF file need to look like to allow both servers to
> update DNS entries?
>
> dn: CN=dns-smbserver,CN=Users,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> description: DNS Service Account for smbserver
> userAccountControl: 512
> accountExpires: 9223372036854775807
> sAMAccountName: dns-smbserver
> servicePrincipalName: DNS/smbserver1.example.com ????
> servicePrincipalName: DNS/smbserver2.example.com ????
> servicePrincipalName: DNS/example.com
> clearTextPassword:: base64encodedpassword
>
> What should the named.conf entry look like?
>
> tkey-gssapi-credential "DNS/smbserver1.example.com";
> tkey-domain "EXAMPLE.COM";
>
> but what about smbserver2?
>
> Thank you for your kind help
>
> best regards
>
> Andreas
>
Hello all,

I have found some information in a previous post by Andrew Bartlett.
There he pointed out that only one Samba server can send DNS updates
to bind9. But what happens if the first server is not functional?

best regards

Andreas