AFAIK sssd on RHEL is by default doing dyndns updates and it needs to be disabled in the config. Same for Windows.

Instead of client configuration which can be changed by any sysadmin I prefer to deny DNS updates centrally, where I have control.

Br

________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Sent: Monday, December 16, 2024 6:53:34 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Error when joining new DC

On Mon, 16 Dec 2024 17:42:33 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:

> I really would like to do that. That's exactly why I'm asking if DNS
> update can be allowed for DCs only and denied for all other clients.
> I looked into it a few years ago but did not find a (simple) solution
> to this.
>
> Br
>

You seem to be conflating the requirement with using the 'tkey' line and the clients updating their dns records. By default, Unix clients will not even attempt to update their dns records and you can stop Windows clients from doing so.

You need the 'tkey' line, I suggest you use it.

Rowland

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

On Tue, 17 Dec 2024 05:54:55 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:

> AFAIK sssd on RHEL is by default doing dyndns updates and it needs to
> be disabled in the config. Same for Windows.

That is easy to fix, there is no reason to use sssd with Samba, it is pointless, so, on redhat:

    systemctl stop sssd
    systemctl disable sssd

>
> Instead of client configuration which can be changed by any sysadmin
> I prefer to deny DNS updates centrally, where I have control.

As I said, Linux doesn't do them and you can use a GPO to stop any Windows clients doing them, but you really should have the 'tkey' line active in your named.conf.

Rowland