Displaying 12 results from an estimated 12 matches for "setprincipal".
2019 Jan 10
4
samba-tool auth in scripts
Am 09.01.19 um 14:01 schrieb Rowland Penny via samba:
> Try reading this:
>
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
> It's for DHCP updating dns records, but it uses a dedicated user and
> kerberos, so it should help you.
Thats exactly what I wanted, thanks. Just a little problem, "samba-tool
[...] -k yes" after
2017 Apr 26
2
Setup a new samba AD DC
...c ticket cache
export KRB5CCNAME="/tmp/dhcp-dyndns.cc"
+if [ -f "$KRB5CCNAME" -a ! -r "$KRB5CCNAME" ]
+then
+ echo "File krbcc ticket cache $KRB5CCNAME is not readable. Remove it with 'rm -f $KRB5CCNAME'"
+ exit 1
+fi
+
# Kerberos principal
SETPRINCIPAL="dhcpduser@${REALM}"
# Kerberos keytab
@@ -43,13 +49,15 @@
fi
# Check for Kerberos keytab
-if [ ! -f /etc/dhcp/dhcpduser.keytab ]; then
- echo "Required keytab /etc/dhcpduser.keytab not found, it needs to be created."
+dhcpduser_keytab='/etc/samba/dhcpduser.keytab...
2015 Sep 03
7
samba_dlz: Failed to connect
On Thu, 3 Sep 2015, Rowland Penny wrote:
> What are the permissions on /var/lib/samba/private/dns ?
Also don't forget the permissions on /var/lib/samba/private
If you're using sernet's packages, you'll have to chgrp it to to named or give
it o+x perms.
2015 Sep 03
2
dhcp errors - Re: dhcp example
...1)
> # Set to YES to use TXT RRs
> TXTRRS="NO"
> # Additional nsupdate flags (-g already applied), e.g. "-d" for debug
> #NSUPDFLAGS="-d"
> # DNS nameserver
> ns=127.0.0.1
> #
> ## Do not change anything below here
> # Kerberos principal
> SETPRINCIPAL=$SETDHCPUSER@$SETREALM
> # Kerberos keytab
> SETDHCPKEYTAB=/etc/$SETDHCPUSER.keytab
> # Default DNS resource records TTL
> RRTTL="3600"
>
> # krbcc ticket cache
> export KRB5CCNAME="/tmp/dhcp-dyndns.cc"
>
> ## Command locations, with full paths it spee...
2017 Apr 25
2
Setup a new samba AD DC
Il giorno mar, 25/04/2017 alle 14.36 +0100, Rowland Penny via samba ha
scritto:
> > However I would like to enable also the DHCP service, and think
> > it's right to activate it on this server.
> >
> > What is the best way to do so?
>
> Well you could always do it the way I have been doing it for the last
> 5 years, see here:
>
>
2019 Jan 10
0
samba-tool auth in scripts
...t; soon make an appearance), export the cache to use <export
> KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever
> '/tmp/dhcp-dyndns.cc' appears, except for:
>
> kinit -F -k -t /etc/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc
> "${SETPRINCIPAL}"
>
> Where all you need is:
>
> kinit -F -k -t /etc/dhcpduser.keytab "${SETPRINCIPAL}"
>
> I have updated my dhcp-dyndns.sh script to match the above and it
> appears to be working without errors. If this continues for 24hrs the
> wikipage will be updated....
2019 Jan 10
0
samba-tool auth in scripts
...(I feel version 0.8.10 will
soon make an appearance), export the cache to use <export
KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever
'/tmp/dhcp-dyndns.cc' appears, except for:
kinit -F -k -t /etc/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc
"${SETPRINCIPAL}"
Where all you need is:
kinit -F -k -t /etc/dhcpduser.keytab "${SETPRINCIPAL}"
I have updated my dhcp-dyndns.sh script to match the above and it
appears to be working without errors. If this continues for 24hrs the
wikipage will be updated.
As far as samba-tool is concerned, you...
2015 Sep 03
0
dhcp example
...UR dns domain
domain=example.com
# TXT RRs (rfc4701)
# Set to YES to use TXT RRs
TXTRRS="NO"
# Additional nsupdate flags (-g already applied), e.g. "-d" for debug
#NSUPDFLAGS="-d"
# DNS nameserver
ns=127.0.0.1
#
## Do not change anything below here
# Kerberos principal
SETPRINCIPAL=$SETDHCPUSER@$SETREALM
# Kerberos keytab
SETDHCPKEYTAB=/etc/$SETDHCPUSER.keytab
# Default DNS resource records TTL
RRTTL="3600"
# krbcc ticket cache
export KRB5CCNAME="/tmp/dhcp-dyndns.cc"
## Command locations, with full paths it speeds up processing.
## ( tested on Ubuntu 14....
2015 Sep 04
0
dhcp errors - Re: dhcp example
...>> TXTRRS="NO"
>> # Additional nsupdate flags (-g already applied), e.g. "-d" for debug
>> #NSUPDFLAGS="-d"
>> # DNS nameserver
>> ns=127.0.0.1
>> #
>> ## Do not change anything below here
>> # Kerberos principal
>> SETPRINCIPAL=$SETDHCPUSER@$SETREALM
>> # Kerberos keytab
>> SETDHCPKEYTAB=/etc/$SETDHCPUSER.keytab
>> # Default DNS resource records TTL
>> RRTTL="3600"
>>
>> # krbcc ticket cache
>> export KRB5CCNAME="/tmp/dhcp-dyndns.cc"
>>
>> ## Comman...
2015 Sep 04
1
further testing - Re: dhcp errors - Re: dhcp example
...gt;>> # Additional nsupdate flags (-g already applied), e.g. "-d" for debug
>>> #NSUPDFLAGS="-d"
>>> # DNS nameserver
>>> ns=127.0.0.1
>>> #
>>> ## Do not change anything below here
>>> # Kerberos principal
>>> SETPRINCIPAL=$SETDHCPUSER@$SETREALM
>>> # Kerberos keytab
>>> SETDHCPKEYTAB=/etc/$SETDHCPUSER.keytab
>>> # Default DNS resource records TTL
>>> RRTTL="3600"
>>>
>>> # krbcc ticket cache
>>> export KRB5CCNAME="/tmp/dhcp-dyndns.cc"...
2018 Aug 15
2
DDNS with bind9 and isc-dhcp-server
....cc
klist: No ticket file: /tmp/dhcp-dyndns.cc
---------------------
Then I executed the part of the script step by step
---------------------
root at sambabuch:~# domain=$(hostname -d)
root at sambabuch:~# REALM=$(echo ${domain^^})
root at sambabuch:~# echo $REALM
EXAMPLE.NET
root at sambabuch:~# SETPRINCIPAL="dhcpduser@${REALM}"
root at sambabuch:~# echo $SETPRINCIPAL
dhcpduser at EXAMPLE.NET
root at sambabuch:~# kinit -F -k -t /etc/dhcpduser.keytab -c
/tmp/dhcp-dyndns.cc "${SETPRINCIPAL}"
root at sambabuch:~# klist -c /tmp/dhcp-dyndns.cc
Credentials cache: FILE:/tmp/dhcp-dyndns.cc...
2015 Nov 09
3
Samba_dlz: canceling trasaction on zone domain
Hey Rowland,
Below is a cutdown version of my DHCP. As you can see, I haven't really set anything up for ddns-update. While using Samba4's internal DNS I had the setting 'ddns-update-style interim;' and it seemed to have worked fine. But with bind I'm not sure what else is needed.
Thanks for taking a look at it.
Philip
#
# DHCP Server Configuration file.
# see