Add DNS records at domain join time

Enterprise / Samba - Andrew Bartlett - 10 June 2017 20:04 EDT

This avoids issues getting replication going after the DC first starts, as the rest of the domain does not have to wait for samba_dnsupdate to run successfully.

We do not just run samba_dnsupdate as we want to strictly operate against the DC we just joined:

- We do not want to query another DNS server
- We do not want to obtain a Kerberos ticket for the new DC (as the KDC we select may not be the DC we just joined, and so may not be in sync with the password we just set)
- We do not wish to set the _ldap records until we have started
- We do not wish to use NTLM (the --use-samba-tool mode forces NTLM)

The downside to using DCE/RPC rather than DNS is that these will be regarded as static entries, and (against Windows) have the ACL assigned for static entries. However, this is still better than no DNS at all.

Because some tests want a DNS record matching their own name, this fixes some tests and removes entries from knownfail.

75eb2e3 Add DNS records at domain join time
python/samba/ | 200 ++++++++++++++++++++++++++++++++++++++-
selftest/knownfail.d/dns | 13 +--
selftest/knownfail.d/dns-at-join | 2 -
3 files changed, 200 insertions(+), 15 deletions(-)

