samba - Feb 2021 - Samba DNS Accounts

On 04/02/2021 18:25, Bo Kersey wrote:
> AD01 is one of the ADDCs (and a domain member) running on Linux

OK, I think that means it is a Samba AD DC which is possibly being used 
as a fileserver, in which case, it is possibly samba_dnsupdate that is 
creating your record. samba_dnsupdate uses a file 'dns_update_list' to 
create missing forward zone records, the first on this list is:

A ${HOSTNAME}?????????????????????????????????????????? $IP

Without checking, I am not entirely sure where it gets ${HOSTNAME} from, 
but it is likely to be the same as the output of 'hostname -s'

A way around this would be to remove the two incorrect records and 
create the correct record with samba-tool:

samba-tool dns add ad01 samdom.example.com ad01 A ipv4_address_string

Where 'ipv4_address_string' is the computers ipaddress e.g. 192.168.0.7

You should also create the DC's reverse record.

Rowland

OK...  The problem is that I'm getting 
dns_tkey_gssnegotiate: TKEY is unacceptable 

and for some reason the dns- user account that controls this is being created as
dns-ad01.samdom.example.com instead of dns-ad01
All of my other networks dns-hostname and they work.  This network creates the
account as dns-fqdn and that is not working....

from samba_upgradedns

        # Check if dns-HOSTNAME account exists and create it if required
        secrets_msgs =
ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname,
attrs=['secret'])
        msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
                              expression='(sAMAccountName=dns-%s)' %
(hostname),
                              attrs=[])

hostname is coming out as dns-ad01.samdom.example.com instead of dns-ad01





Bo Kersey 
VirCIO - managed network solutions 
4314 Avenue C 
Austin, TX 78751 
phone: (512)374-0500 

In theory there is no difference between theory and practice.  In practice,
there is.

----- Original Message -----
> From: "samba" <samba at lists.samba.org>
> To: "samba" <samba at lists.samba.org>
> Sent: Thursday, February 4, 2021 12:46:10 PM
> Subject: Re: [Samba] Samba DNS Accounts
> On 04/02/2021 18:25, Bo Kersey wrote:
>> AD01 is one of the ADDCs (and a domain member) running on Linux
> 
> 
> OK, I think that means it is a Samba AD DC which is possibly being used
> as a fileserver, in which case, it is possibly samba_dnsupdate that is
> creating your record. samba_dnsupdate uses a file 'dns_update_list'
to
> create missing forward zone records, the first on this list is:
> 
> A ${HOSTNAME}?????????????????????????????????????????? $IP
> 
> Without checking, I am not entirely sure where it gets ${HOSTNAME} from,
> but it is likely to be the same as the output of 'hostname -s'
> 
> A way around this would be to remove the two incorrect records and
> create the correct record with samba-tool:
> 
> samba-tool dns add ad01 samdom.example.com ad01 A ipv4_address_string
> 
> Where 'ipv4_address_string' is the computers ipaddress e.g.
192.168.0.7
> 
> You should also create the DC's reverse record.
> 
> Rowland
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba