Jeff Sadowski
2016-May-18  16:13 UTC
[Samba] ISC's dhcp server, radvd and bind9 now adding samba as an AD DC
So I had dhcp, radvd and bind working together nicely and now I threw in a
wrench of setting up an AD DC
I want to change my dhcp server settings to put clients into the new AD
domain, but am a little hesitant as it is all working so nicely with DDNS.
I'm starting to think all I need to do is edit just my dhcpd.conf and
change occurrences of DOMAIN1.SUBDOMAIN.TLD to AD.DOMAIN2.SUBDOMAIN.TLD
A little touch up of db.self and comment out and eventually remove DOMAIN1
entries as everything is working as I like.
My concern is moving from
        allow-update { key rndc-key; };
        notify yes;
to
        update-policy {
                grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA;
                grant Administrator@AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
                grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
        };
The latter being produced when I created the domain in the example configs
that I copied into mine.
I think what that is saying is let the domain controller by name have
access to the domain's entries
I'm a little concerned about verification as I know the key method is safe
and I'm not so sure about the grant method.
Is there a way to have samba use ISC's key method?
Anyone have any suggestions?
My current setup is as below.
My server name is the same as DOMAIN2; it has an IPv4 address of 192.168.1.1
and an IPv6 address of fc00:1::1111:1111:1111:1111.
Its outside addresses are DHCP from my ISP; I do IP masquerade on both IPv4
and IPv6.
My dhcpd.conf looks as follows
#================START======================
ddns-updates on;
ddns-update-style interim;
ddns-domainname "DOMAIN1.SUBDOMAIN.TLD.";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;
option domain-search-order code 119 = string;
include "/etc/rndc.key";
zone DOMAIN1.SUBDOMAIN.TLD {
 primary 192.168.1.1;
 key rndc-key;
}
zone 1.168.192.in-addr.arpa. {
 primary 192.168.1.1;
 key rndc-key;
}
default-lease-time 100000;
max-lease-time 1000000;
subnet 192.168.1.0 netmask 255.255.255.0 {
 range 192.168.1.10 192.168.1.200;
 option routers 192.168.1.1;
 option domain-name "DOMAIN1.SUBDOMAIN.TLD.";
 option domain-name-servers 192.168.1.1;
 option domain-search-order
"DOMAIN1.SUBDOMAIN.TLD.,ipv6.DOMAIN1.SUBDOMAIN.TLD.";
 next-server 192.168.1.1;
 filename "/pxelinux.0";
 allow unknown-clients;
}
#================END========================
My radvd.conf looks like so
#================START======================
interface eth0
{
 AdvSendAdvert on;
 prefix fc00:1::/64
 {
  AdvOnLink on;
  AdvAutonomous on;
 };
 RDNSS fc00:1::1111:1111:1111:1111 {};
};
#================END========================
My named.conf after adding my samba looks like so
#================START======================
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/16; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "ipv6.DOMAIN1.SUBDOMAIN.TLD" {
        type master;
        file "zones/db.ipv6.DOMAIN1.SUBDOMAIN.TLD";
        allow-update { key rndc-key; };
        notify yes;
};
zone "DOMAIN1.SUBDOMAIN.TLD" IN {
        type master;
        file "zones/db.DOMAIN1.SUBDOMAIN.TLD";
        allow-update { key rndc-key; };
        notify yes;
};
zone "ad.DOMAIN2.SUBDOMAIN.TLD." IN {
        type master;
        file "zones/db.ad.DOMAIN2.SUBDOMAIN.TLD";
        update-policy {
                grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA;
                grant Administrator@AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
                grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
        };
        check-names ignore;
};
zone "DOMAIN2.SUBDOMAIN.TLD" IN { type master; file "db.self"; };
#================END========================
content of db.self
#================START======================
$TTL 604800     ; 1 week
@           IN SOA  ns.DOMAIN1.SUBDOMAIN.TLD MY.EMAIL. (
                                2014092401 ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      ns.DOMAIN1.SUBDOMAIN.TLD.
@       IN      A       192.168.1.252
@       IN      MX      10      DOMAIN2.SUBDOMAIN.TLD.
@       IN      TXT     "v=spf1 mx a -all"
#================END========================
my smb.conf looks like
#================START======================
[global]
        netbios name = DOMAIN2
        realm = AD.DOMAIN2.SUBDOMAIN.TLD
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
        workgroup = AD
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
[netlogon]
        path = /var/lib/samba/sysvol/ad.DOMAIN2.SUBDOMAIN.TLD/scripts
        read only = No
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
#================END========================
my krb5.conf looks like
#================START======================
[libdefaults]
        default_realm = AD.DOMAIN2.SUBDOMAIN.TLD
        dns_lookup_realm = false
        dns_lookup_kdc = true
#================END=========================
mathias dufresne
2016-May-23  16:35 UTC
[Samba] ISC's dhcp server, radvd and bind9 now adding samba as an AD DC
Hi,
Why modify a working conf when you can build your DC on other systems
(VMs)? That could be really nice to learn, but you add a lot of complexity to
your process, I think.
Why not use DLZ to access your AD zones? I expect Bind to be able to mix
its behaviour: flat file for some zones, DLZ for others...
Now regarding:
update-policy {
                grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA;
                grant Administrator@AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
                grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
};
For me this means:
grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA;
Grant any authenticated user (from domain AD.DOMAIN2.SUBDOMAIN.TLD) to
modify A and AAAA it owns (ms-self) from any host (*).
grant Administrator@AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
Grant administrator from domain AD.DOMAIN2.SUBDOMAIN.TLD to do anything on
any A AAAA SRV CNAME from any host.
The same goes for the last one.
I'm really a newcomer to the DNS world; these thoughts come from
http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch10_02.htm
These lines should make your Bind use Kerberos. At least I do hope the
authentication is Kerberos (that's AD!). If it is Kerberos authentication,
I expect you can rely on it, as almost the whole world relies on Kerberos
these days : )
A last thing regarding ISC's key method:
https://bugzilla.samba.org/show_bug.cgi?id=11520
I don't mean that this bug has something to do with what you want to achieve;
it could simply be a good thing to read if you understand anything about ISC's
key method (which I don't). Perhaps you could find some leads to follow or
some information to avoid that configuration.
Sorry not to help more. Have a nice day,
mathias
2016-05-18 18:13 GMT+02:00 Jeff Sadowski <jeff.sadowski at gmail.com>:
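As an added illustration of how BIND evaluates the three grant lines discussed above (example code written for this page, not Samba's or BIND's own), the following Python models the ms-self and wildcard rule types (plus subdomain, the usual tighter alternative) and replays a few updates against the posted policy. It assumes that the signer names BIND sees after GSS-TSIG authentication are Kerberos principals of the form host$@REALM or user@REALM; the workstation names ws1 and ws2 are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample: the update-policy posted in this thread, with the
# mailing-list "at" obfuscation undone (BIND needs the literal '@').
UPDATE_POLICY = """
update-policy {
        grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA;
        grant Administrator@AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
        grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
};
"""

REALM = "AD.DOMAIN2.SUBDOMAIN.TLD"   # realm from the thread; ws1/ws2 below are made up


@dataclass(frozen=True)
class Grant:
    identity: str       # signer principal, or the realm for ms-self
    ruletype: str       # "ms-self", "wildcard" or "subdomain" (the ones modelled here)
    name: str           # name field, lower-cased, no trailing dot
    types: frozenset    # record types the rule covers; empty means any type


GRANT_RE = re.compile(r"grant\s+(\S+)\s+(\S+)\s+(\S+)\s*([^;]*);")


def parse_update_policy(text):
    """Turn each 'grant identity ruletype name [types];' line into a Grant."""
    return [
        Grant(ident, rule.lower(), name.rstrip(".").lower(),
              frozenset(t.upper() for t in types.split()))
        for ident, rule, name, types in GRANT_RE.findall(text)
    ]


def _same_identity(grant, signer):
    return grant.identity == "*" or signer.lower() == grant.identity.lower()


def _wildcard_match(pattern, name):
    """DNS wildcard expansion: '*' matches any name, '*.x' anything below x."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return name.endswith("." + pattern[2:])
    return pattern == name


def is_update_allowed(grants, signer, name, rtype):
    """True if some grant lets `signer` (None = unsigned) update `rtype` at `name`.

    Mirrors the BIND rule semantics: an update-policy never admits unsigned
    updates; ms-self takes a machine principal host$@REALM and lets it change
    only host.<realm>; wildcard/subdomain compare the signer against the
    identity field and the target name against the name field.
    """
    if signer is None:
        return False
    name, rtype = name.rstrip(".").lower(), rtype.upper()
    for g in grants:
        if g.types and rtype not in g.types:
            continue
        if g.ruletype == "ms-self":
            m = re.fullmatch(r"([^@]+)\$@(.+)", signer)
            if (m and m.group(2).lower() == g.identity.lower()
                    and name == f"{m.group(1).lower()}.{g.identity.lower()}"):
                return True
        elif g.ruletype == "wildcard":
            if _same_identity(g, signer) and _wildcard_match(g.name, name):
                return True
        elif g.ruletype == "subdomain":
            if _same_identity(g, signer) and (name == g.name or name.endswith("." + g.name)):
                return True
    return False


def demo_decisions(policy=UPDATE_POLICY):
    """Replay a handful of representative updates against the policy."""
    grants = parse_update_policy(policy)
    zone = REALM.lower()
    cases = {
        "unsigned_A":       (None,                     f"ws1.{zone}",            "A"),
        "ws1_own_A":        (f"ws1$@{REALM}",          f"ws1.{zone}",            "A"),
        "ws1_other_host_A": (f"ws1$@{REALM}",          f"ws2.{zone}",            "A"),
        "ws1_own_SRV":      (f"ws1$@{REALM}",          f"ws1.{zone}",            "SRV"),
        "admin_any_SRV":    (f"Administrator@{REALM}", f"_ldap._tcp.{zone}",     "SRV"),
        "admin_TXT":        (f"Administrator@{REALM}", zone,                     "TXT"),
        "dc_account_SRV":   (f"DOMAIN2$@{REALM}",      f"_kerberos._tcp.{zone}", "SRV"),
    }
    return {label: is_update_allowed(grants, *args) for label, args in cases.items()}


if __name__ == "__main__":
    for label, allowed in demo_decisions().items():
        print(f"{label:18s} {'ALLOWED' if allowed else 'REFUSED'}")
```

Two things the replay makes visible: ms-self matches machine accounts (host$@REALM), not arbitrary users, and confines each machine to its own host record, while the two wildcard * lines cover every name in the zone for the listed types. Compared with allow-update { key rndc-key; }, where the key holder may change any record of any type in the zone, this policy is narrower; its safety rests on named actually verifying the Kerberos signature, which the thread's later message turns to.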
Jeff Sadowski
2016-May-27  13:37 UTC
[Samba] ISC's dhcp server, radvd and bind9 now adding samba as an AD DC
I had left my config alone for now and dhcp still writes to DOMAIN1.SUBDOMAIN.TLD.
But samba has been complaining about not being able to write to bind in its zone.
[2016/05/27 07:30:06.738434,  0] ../source4/dsdb/dns/dns_update.c:295(dnsupdate_nameupdate_done)
  ../source4/dsdb/dns/dns_update.c:295: Failed DNS update - NT_STATUS_UNSUCCESSFUL
If you are right about it using kerberos I think I am missing a bit more
configuration to allow bind to use kerberos. I have a place for it to use the
key but nothing in it about kerberos and how to verify that.
On Mon, May 23, 2016 at 10:35 AM, mathias dufresne <infractory at gmail.com> wrote:
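The last message suspects that bind is missing the Kerberos side of the setup. As an added example (not part of the thread, and not Samba's or BIND's code), this Python audit walks a named.conf and reports zones whose update-policy names Kerberos signers (user@REALM, machine$@REALM, ms-self and the related rule types) while the options block has no tkey-gssapi-keytab, the BIND directive that names the keytab used to verify GSS-TSIG signed updates. The trimmed named.conf sample is constructed from the one posted above, and the keytab path /var/lib/samba/private/dns.keytab is an assumed location, not one taken from the thread.

```python
import re

# Constructed sample: a trimmed copy of the named.conf posted in this thread
# (zone "." and the DOMAIN1 ipv6 zone left out; '@' restored in the grant).
NAMED_CONF = """
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.1; };
        directory       "/var/named";
        session-keyfile "/run/named/session.key";
};
zone "DOMAIN1.SUBDOMAIN.TLD" IN {
        type master;
        file "zones/db.DOMAIN1.SUBDOMAIN.TLD";
        allow-update { key rndc-key; };
        notify yes;
};
zone "ad.DOMAIN2.SUBDOMAIN.TLD." IN {
        type master;
        file "zones/db.ad.DOMAIN2.SUBDOMAIN.TLD";
        update-policy {
                grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA;
                grant Administrator@AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME;
        };
        check-names ignore;
};
"""

# Assumed location of the keytab Samba provisions for BIND; adjust to your install.
SAMBA_DNS_KEYTAB = "/var/lib/samba/private/dns.keytab"

# Rule types and identity forms that only a GSS-TSIG (Kerberos) signer can satisfy.
KERBEROS_SIGNER_RE = re.compile(
    r"grant\s+\S*@\S*\s|\b(ms-self|ms-subdomain|krb5-self|krb5-subdomain)\b")


def top_level_blocks(text):
    """Split named.conf into (header, body) pairs for each 'header { ... };'.

    A brace counter is enough here: nested blocks such as update-policy { }
    inside a zone stay part of that zone's body.
    """
    blocks, depth, start, prev_end = [], 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                start = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                header = text[prev_end:start].split(";")[-1].strip()
                blocks.append((header, text[start + 1:i]))
                prev_end = i + 1
    return blocks


def audit_dynamic_updates(conf):
    """Return findings about how each zone authenticates dynamic updates."""
    findings, options, zones = [], "", []
    for header, body in top_level_blocks(conf):
        if header == "options":
            options = body
        elif header.startswith("zone"):
            zones.append((header.split('"')[1], body))
    has_keytab = re.search(r'\btkey-gssapi-keytab\s+"[^"]+"\s*;', options) is not None
    for name, body in zones:
        if "update-policy" in body:
            if KERBEROS_SIGNER_RE.search(body) and not has_keytab:
                findings.append(f"{name}: update-policy expects Kerberos signers but "
                                f"options has no tkey-gssapi-keytab, so GSS-TSIG cannot be verified")
            if re.search(r"grant\s+\S+\s+wildcard\s+\*\s", body):
                findings.append(f"{name}: a 'wildcard *' grant spans every name in the zone")
        elif re.search(r"allow-update\s*\{[^}]*\bkey\b", body):
            findings.append(f"{name}: updates authenticated with a shared TSIG key (allow-update)")
    return findings


def with_gssapi_keytab(conf, keytab=SAMBA_DNS_KEYTAB):
    """Insert the tkey-gssapi-keytab directive into the options block."""
    return conf.replace("options {", f'options {{\n        tkey-gssapi-keytab "{keytab}";', 1)


if __name__ == "__main__":
    for line in audit_dynamic_updates(NAMED_CONF):
        print("before:", line)
    for line in audit_dynamic_updates(with_gssapi_keytab(NAMED_CONF)):
        print("after: ", line)
```

Run against the posted configuration the audit flags the DOMAIN1 zone as TSIG-key based, and the AD zone twice: once because nothing in options tells named where to find a Kerberos keytab, and once for the broad wildcard * grants. Adding the directive clears the first AD finding; the named process also has to be able to read that keytab, and on a running system samba_dnsupdate --verbose shows which names Samba is trying to register and which updates are refused.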