> On Jun 20, 2019, at 5:37 AM, Adam Weremczuk via samba <samba at lists.samba.org> wrote:
>
> That's helpful.
> About half of our DHCP clients are Unixes.
> Maybe I'll find a way to make pfSense perform a Kerberos handshake with
> Samba for the sake of updating DNS.
> If not, I'll just install isc-dhcp-server on the Debian container
> running Samba AD.

I run pfSense too, and we don't use the DHCP server on pfSense for several
reasons. One of which you've identified and the other is that the LAN interface
becomes a traffic choke point if you're running multiple subnets within your LAN
(usually not an issue for very small businesses with a single LAN subnet).
pfSense DHCP server also isn't intended to service DHCP requests from multiple
subnets delivered by the ip-helper function of a Cisco/HP/etc. switch. Even if
you find a way to get pfSense to use Kerberos for DDNS updates into AD, you'll
run into these other mentioned problems quickly too. It's generally not a good
architecture for anything but the smallest business.

I'd advise that you stick with isc-dhcp-server in a pair/partner configuration
on each of two DC's that you run per site/building/etc.

>
>
> On 20/06/19 13:25, Rowland Penny via samba wrote:
>> The problem is that Windows machines can update their own records in
>> AD, but you need a separate user to update other users. This leads to the
>> obvious question, do you have any Unix clients or are they all Windows clients?
>> You only need an update script if you have any Unix DHCP clients.
>>
>> The only way that I could get it to work is shown in the script I
>> pointed you to, by using Kerberos.
>>
>> Rowland
>>