On Fri, 2013-10-11 at 16:00 +1300, Andrew Bartlett wrote: > On Fri, 2013-09-13 at 09:10 +0200, christophe wrote: > > Hi, > > > > First guys, I'd like congratulate you. Samba 4 is really a cool product. > > > > I have a little problem though. > > > > The context: > > > > I have Samba4 AD DC working perfectly on a virtual machine > > for testing purpose I joined another Samba4 AD DC to the domain I had > > provisioned and it worked perfectly but my second DC VM was deleted with no > > mean to get it back. > > > > I have now a problem on my first DC as the second DC still shows up in the > > RSAT console, NTDSUTIL, DNS and also samba-tool drs showrepl. > > it seems to be impossible to delete it completely. > > > > > > I know if I were on a windows DC I'd simply have gone for forced deletion > > then metadata cleanup. > > but I don't have a windows DC. > > > > Is there a way I can permanently remove all connection to my disappeared > > second DC form the AD just using the tools provides with samba 4? > > Can you use the ADUC tools to do it? > > Yes, we are aware this isn't ideal, and patches to samba-tool are > welcome. > > > Other question: > > > > I use ISC-DHCP-SERVER with SAMBA_Internal DNS. > > > > Is there a way to have it updating records? > > >From the DNS console, it seems I can't allow for unsecure updates > > Currently this is controlled from the smb.conf, not DNS console. > > But unsecure updates are a really bad idea. Other folks have done this > with GSS-TSIG and an external script, and it would be really neat to > also support shared-key TSIG, but that requires work. Patches are very > welcome (the shared 128 bit key can be stored in or generated from the > unicodePwd). > > Andrew Bartlett >
Hi, I post this to samba list: As Cristophe, I'm trying to find a way to get records updated and I found this "howto" http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ but I'm not able to get it working properly. Mainly the script would find the old record, delete it and add the new one but as stated in my comment on the blog it fails due to TSIG error/TKEY is unacceptable. The last comment on the blog says: Just an hint for someone else who stumbles across the same problem, if you’re using Samba 4 as an AD DC, then kinit with the keytab created in the script instructions above won’t work as samba4 doesn’t seem to like the encryption type. Use -e arcfour-hmac-md5 with the addent command instead. The first script posted on the blog states # keytab can be generated using # $ ktutil # ktutil: addent -password -p dhcpdu...@example.com -k 1 -e aes256-cts-hmac-sha1-96 # Password for dhcpdu...@example.com: # ktutil: wkt dhcpduser.keytab # ktutil: quit but next changes in Using samba AD DC I used # keytab can be generated using the Samba4 tool: # samba-tool domain exportkeytab /etc/dhcpd/dhcpduser.keytab --principal=dhcpduser and klist -k dhcpduser.keytab -e shows Keytab name: WRFILE:/etc/dhcp/dhcpduser.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 dhcpdu...@saitel.loc (DES cbc mode with CRC-32) 1 dhcpdu...@saitel.loc (DES cbc mode with RSA-MD5) 1 dhcpdu...@saitel.loc (ArcFour with HMAC/md5) so it seems that the keytab contains the arcfour-hmac-md5 encription key. Can someone put some light on this? Thanks, Daniele. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
