search for: setprincipal

Am 09.01.19 um 14:01 schrieb Rowland Penny via samba: > Try reading this: > > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9 > > It's for DHCP updating dns records, but it uses a dedicated user and > kerberos, so it should help you. Thats exactly what I wanted, thanks. Just a little problem, "samba-tool [...] -k yes" after

...c ticket cache export KRB5CCNAME="/tmp/dhcp-dyndns.cc" +if [ -f "$KRB5CCNAME" -a ! -r "$KRB5CCNAME" ] +then + echo "File krbcc ticket cache $KRB5CCNAME is not readable. Remove it with 'rm -f $KRB5CCNAME'" + exit 1 +fi + # Kerberos principal SETPRINCIPAL="dhcpduser@${REALM}" # Kerberos keytab @@ -43,13 +49,15 @@ fi # Check for Kerberos keytab -if [ ! -f /etc/dhcp/dhcpduser.keytab ]; then - echo "Required keytab /etc/dhcpduser.keytab not found, it needs to be created." +dhcpduser_keytab='/etc/samba/dhcpduser.keytab...

On Thu, 3 Sep 2015, Rowland Penny wrote: > What are the permissions on /var/lib/samba/private/dns ? Also don't forget the permissions on /var/lib/samba/private If you're using sernet's packages, you'll have to chgrp it to to named or give it o+x perms.

...1) > # Set to YES to use TXT RRs > TXTRRS="NO" > # Additional nsupdate flags (-g already applied), e.g. "-d" for debug > #NSUPDFLAGS="-d" > # DNS nameserver > ns=127.0.0.1 > # > ## Do not change anything below here > # Kerberos principal > SETPRINCIPAL=$SETDHCPUSER@$SETREALM > # Kerberos keytab > SETDHCPKEYTAB=/etc/$SETDHCPUSER.keytab > # Default DNS resource records TTL > RRTTL="3600" > > # krbcc ticket cache > export KRB5CCNAME="/tmp/dhcp-dyndns.cc" > > ## Command locations, with full paths it spee...

Il giorno mar, 25/04/2017 alle 14.36 +0100, Rowland Penny via samba ha scritto: > > However I would like to enable also the DHCP service, and think > > it's right to activate it on this server. > > > > What is the best way to do so? > > Well you could always do it the way I have been doing it for the last > 5 years, see here: > >

...t; soon make an appearance), export the cache to use <export > KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever > '/tmp/dhcp-dyndns.cc' appears, except for: > > kinit -F -k -t /etc/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc > "${SETPRINCIPAL}" > > Where all you need is: > > kinit -F -k -t /etc/dhcpduser.keytab "${SETPRINCIPAL}" > > I have updated my dhcp-dyndns.sh script to match the above and it > appears to be working without errors. If this continues for 24hrs the > wikipage will be updated....

...(I feel version 0.8.10 will soon make an appearance), export the cache to use <export KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever '/tmp/dhcp-dyndns.cc' appears, except for: kinit -F -k -t /etc/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc "${SETPRINCIPAL}" Where all you need is: kinit -F -k -t /etc/dhcpduser.keytab "${SETPRINCIPAL}" I have updated my dhcp-dyndns.sh script to match the above and it appears to be working without errors. If this continues for 24hrs the wikipage will be updated. As far as samba-tool is concerned, you...

...UR dns domain domain=example.com # TXT RRs (rfc4701) # Set to YES to use TXT RRs TXTRRS="NO" # Additional nsupdate flags (-g already applied), e.g. "-d" for debug #NSUPDFLAGS="-d" # DNS nameserver ns=127.0.0.1 # ## Do not change anything below here # Kerberos principal SETPRINCIPAL=$SETDHCPUSER@$SETREALM # Kerberos keytab SETDHCPKEYTAB=/etc/$SETDHCPUSER.keytab # Default DNS resource records TTL RRTTL="3600" # krbcc ticket cache export KRB5CCNAME="/tmp/dhcp-dyndns.cc" ## Command locations, with full paths it speeds up processing. ## ( tested on Ubuntu 14....

...>> TXTRRS="NO" >> # Additional nsupdate flags (-g already applied), e.g. "-d" for debug >> #NSUPDFLAGS="-d" >> # DNS nameserver >> ns=127.0.0.1 >> # >> ## Do not change anything below here >> # Kerberos principal >> SETPRINCIPAL=$SETDHCPUSER@$SETREALM >> # Kerberos keytab >> SETDHCPKEYTAB=/etc/$SETDHCPUSER.keytab >> # Default DNS resource records TTL >> RRTTL="3600" >> >> # krbcc ticket cache >> export KRB5CCNAME="/tmp/dhcp-dyndns.cc" >> >> ## Comman...

...gt;>> # Additional nsupdate flags (-g already applied), e.g. "-d" for debug >>> #NSUPDFLAGS="-d" >>> # DNS nameserver >>> ns=127.0.0.1 >>> # >>> ## Do not change anything below here >>> # Kerberos principal >>> SETPRINCIPAL=$SETDHCPUSER@$SETREALM >>> # Kerberos keytab >>> SETDHCPKEYTAB=/etc/$SETDHCPUSER.keytab >>> # Default DNS resource records TTL >>> RRTTL="3600" >>> >>> # krbcc ticket cache >>> export KRB5CCNAME="/tmp/dhcp-dyndns.cc"...

....cc klist: No ticket file: /tmp/dhcp-dyndns.cc --------------------- Then I executed the part of the script step by step --------------------- root at sambabuch:~# domain=$(hostname -d) root at sambabuch:~# REALM=$(echo ${domain^^}) root at sambabuch:~# echo $REALM EXAMPLE.NET root at sambabuch:~# SETPRINCIPAL="dhcpduser@${REALM}" root at sambabuch:~# echo $SETPRINCIPAL dhcpduser at EXAMPLE.NET root at sambabuch:~# kinit -F -k -t /etc/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc "${SETPRINCIPAL}" root at sambabuch:~# klist -c /tmp/dhcp-dyndns.cc Credentials cache: FILE:/tmp/dhcp-dyndns.cc...

Hey Rowland, Below is a cutdown version of my DHCP. As you can see, I haven't really set anything up for ddns-update. While using Samba4's internal DNS I had the setting 'ddns-update-style interim;' and it seemed to have worked fine. But with bind I'm not sure what else is needed. Thanks for taking a look at it. Philip # # DHCP Server Configuration file. # see