Lynn said the following on 04/03/2012 03:20 PM:
My DNS entries are stored in Active directory.
Well *that* answers your question about 'why does it work for Windows and not Linux', doesn't it!!!
updates occur as and when needed by the software.
Obviously not, otherwise we wouldn't be having this conversation. Oh, *that* software updating AD. But the remote Linux clients that are given addresses by DHCP are using BIND for DNS, not AD. Is that what we've been talking about. I suppose there is a way to have "option nameserver" entries in the /etc/dhcpd.conf on the server that tell the Linux clients granted IP address leases to use SAMBA as the name server rather than bind, and somehow get the DHCP to tell SAMBA when it's handed out addresses or when they have expired. But you seem pretty hung up on SAMBA so why not just figure out how to make that do the work of DHCP and BIND - and I can't help you with that. I can help you with getting Linux clients to use DHCP and BIND and I know that can work. If you want it to work and run in parallel and have Kerberos be able to do the forward-backward-forward address verification with an authoritative NAMED then what I've posted will do all that. BTDT. And as I've mentioned, done it in a heterogeneous environment and with variations.
2. Is the crypto key shared between DHCP and BIND? This should be the same key used in (1)
The key is only known to AD. As far as I know, bind cannot see the entries stored in AD.
See above. And what I'm talking about is a key that's shared between DHCP and NAMED. There will be a stanza in each that reads

    key key_id {
        algorithm algorithm_id;   # choose algorithm
        secret secret_string;     # generate string
    };

and a reference to "key_id" for the subnet concerned. For example http://www.oceanwave.com/technical-resources/unix-admin/nsupdate.html#create... And yes, you will have to have the entry in the named zone file to allow update as it describes. Keeping a copy of the key in a file allows you to use nsupdate.
3. Is DHCP set up to use DDNS against BIND for the relevant subnet? Again, consult the URLs for parameters to DHCP that I included in earlier mails
The only way I know to create the reverse entry in AD without a 2008 server is as follows (samba thread again):
[snip]
And since the Linux machines are using DHCP/NAMED then what's in AD doesn't matter as it's invisible to them.
This method gives me reverse lookups for static IPs. Now I need to be able to translate this into dynamic IPs
Which is what I've been describing and trying to get you to do.
Not very good answers but I think it points to conventional methods being of no use when dealing with dynamically loaded zones in AD. But don't let's give up!
At this point I'm dropping out of this thread. I'm repeating myself and obviously not getting my message across, and I don't think it has anything to do with "English".

-- 
Do you want the truth, or a well-designed machination brought into existence solely for the stroking of your ego?
    -- Empty <empty@theriver.com> on alt.goth
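Added example, not part of the original message or of any project's code: a small Python check for the shared-key setup discussed in the thread. It confirms that every zone dhcpd updates is signed with a key whose algorithm and secret match the key in named.conf, and that named allows updates to that zone with that key. The config text, zone names, key name and secret are constructed samples, and only the allow-update form is checked.

```python
import re

# Constructed sample configs (assumptions, not taken from the thread).
DHCPD_CONF = '''
ddns-update-style interim;
key dhcp_updater {
    algorithm hmac-md5;
    secret "Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==";
};
zone example.lan. { primary 127.0.0.1; key dhcp_updater; }
zone 1.168.192.in-addr.arpa. { primary 127.0.0.1; key dhcp_updater; }
'''
NAMED_CONF = '''
key dhcp_updater {
    algorithm hmac-md5;
    secret "Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==";
};
zone "example.lan" { type master; file "example.lan.zone"; allow-update { key dhcp_updater; }; };
zone "1.168.192.in-addr.arpa" { type master; file "192.168.1.rev"; };
'''
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w.-]+)\s*;'
                    r'\s*secret\s+"?([^";\s]+)"?\s*;\s*\}', re.S)
ZONE_RE = re.compile(r'\bzone\s+"?([\w.-]+?)\.?"?\s*\{(.*?)\}\s*;?\s*$', re.S | re.M)

def keys(conf):
    """Map key name -> (algorithm, secret) for every key stanza."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(conf)}

def zones(conf, directive):
    """Map zone name -> key named after `directive` in the zone body, or None."""
    out = {}
    for name, body in ZONE_RE.findall(conf):
        m = re.search(directive + r'\s+"?([\w.-]+)"?\s*;', body)
        out[name.lower()] = m.group(1) if m else None
    return out

def check(dhcpd, named):
    """Return a list of problems that would make signed DDNS updates fail."""
    problems, dk, nk = [], keys(dhcpd), keys(named)
    nz = zones(named, r'allow-update\s*\{\s*key')
    for zone, key in zones(dhcpd, r'\bkey').items():
        if key is None:
            problems.append(f"{zone}: dhcpd sends unsigned updates")
        elif key not in dk or key not in nk:
            problems.append(f"{zone}: key {key} missing from one side")
        elif dk[key] != nk[key]:
            problems.append(f"{zone}: key {key} algorithm/secret differ")
        if zone not in nz:
            problems.append(f"{zone}: no such zone in named.conf")
        elif nz[zone] != key:
            problems.append(f"{zone}: named does not allow-update with key {key}")
    return problems
```

On the constructed sample, the forward zone passes and the reverse zone is flagged because its named.conf entry has no allow-update for the key, so PTR records for leased addresses would never be written.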