Александр Р. Фахрутдинов
2009-Dec-29 13:42 UTC
[Samba] DNS update via trusted machine account
As is known, Samba creates or updates AD DNS record only when it has joining to domain. When OS gets a new IP address via DHCP, there is no method for automatically DNS upgate with Samba. It's possible to update DNS with nsupdate-gss script, but it requests Kerberos TKEY, derived through kinit utility or pam_winbind module. In both cases, a domain admin password requests. However, Windows updates DNS using machine account. I think, if Samba exports a machine key somehow, it may be used for automatically DNS update via nsupdate-gss. Is someone knows how to export a machine key from Samba?
Not sure if you need to export the key. If you run 'net ads dns register -P' it will use the machine account. You can put that in the script that runs when there is a network change. I'm not near a machine right now, but Debian has it in /etc/network/. Robert LeBlanc On Dec 29, 2009 7:48 AM, "????????? ?. ???????????" <alex_mgsm at mail.ru> wrote: As is known, Samba creates or updates AD DNS record only when it has joining to domain. When OS gets a new IP address via DHCP, there is no method for automatically DNS upgate with Samba. It's possible to update DNS with nsupdate-gss script, but it requests Kerberos TKEY, derived through kinit utility or pam_winbind module. In both cases, a domain admin password requests. However, Windows updates DNS using machine account. I think, if Samba exports a machine key somehow, it may be used for automatically DNS update via nsupdate-gss. Is someone knows how to export a machine key from Samba? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba