Keith Jones
2014-Sep-05 21:34 UTC
[Samba] How to handle secure AD dynamic DNS registrations?
Hi,

My apologies for the newbie question/dumb-question-of-the-day but when searching the archives I couldn't see the wood for the trees :-/

Are there any good walkthroughs/RTFMs out there for troubleshooting getting samba to register DNS entries to an AD controller that requires secure updates?

I have a CentOS 6 server that seems to be set up correctly. Initially it worked fine, but then the AD controllers expired the DNS entries. As samba doesn't seem to natively refresh the registrations I ended up adding a simple cron job that ran "net ads dns register -P" on a daily basis. It worked for a while but that job is now failing with "ERROR_DNS_GSS_ERROR" which starts implying that Kerberos tickets or machine account passwords are broken. I'm not sure if they need to be refreshed in a similar way or whether I should tinker with the samba config.

A good guide that explains what I need to have set up to cover the convoluted AD needs for secure updates would be very welcome!

Regards and thanks in advance for any help.

Keith
Chan Min Wai
2014-Sep-07 04:01 UTC
[Samba] How to handle secure AD dynamic DNS registrations?
I think you have the right timing... Someone just asked. See here:

http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/

On Sat, Sep 6, 2014 at 5:34 AM, Keith Jones <K.E.Jones at brighton.ac.uk> wrote:

> Hi,
>
> My apologies for the newbie question/dumb-question-of-the-day but when
> searching the archives I couldn't see the wood for the trees :-/
>
> Are there any good walkthroughs/RTFMs out there for troubleshooting
> getting samba to register DNS entries to an AD controller that requires
> secure updates?
>
> I have a CentOS 6 server that seems to be set up correctly. Initially it
> worked fine, but then the AD controllers expired the DNS entries. As samba
> doesn't seem to natively refresh the registrations I ended up adding a
> simple cron job that ran "net ads dns register -P" on a daily basis. It
> worked for a while but that job is now failing with "ERROR_DNS_GSS_ERROR"
> which starts implying that Kerberos tickets or machine account passwords
> are broken. I'm not sure if they need to be refreshed in a similar way or
> whether I should tinker with the samba config.
>
> A good guide that explains what I need to have set up to cover the
> convoluted AD needs for secure updates would be very welcome!
>
> Regards and thanks in advance for any help.
>
> Keith