Hi Samba4 DC with sssd clients.
It seems that ddns updates are not necessary for Linux against AD as no check is made in dns before tickets are issued. In the hope that this would simplify configuration, could anyone confirm this behaviour? Thanks, Steve
I dont have Samba4 but I've 2012 R2 as a DC running on BIND9 as a DNS service. And the updates are not allowed by bind and we are able to use SSSD to authenticate.
Hope this helps.
Sent from my iPhone
On 07/06/2014, at 13:12, "steve" steve@steve-ss.com wrote:
Hi Samba4 DC with sssd clients.
It seems that ddns updates are not necessary for Linux against AD as no check is made in dns before tickets are issued. In the hope that this would simplify configuration, could anyone confirm this behaviour? Thanks, Steve
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Sat, 2014-06-07 at 17:29 +0000, Vinícius Ferrão wrote:
I dont have Samba4 but I've 2012 R2 as a DC running on BIND9 as a DNS service. And the updates are not allowed by bind and we are able to use SSSD to authenticate.
Hope this helps.
Hi Thanks. Yes, same here. Even though bind allows the signed updates from sssd, we don't need them. We can authenticate using sssd no matter what IP is assigned and no matter what is stored in AD. Maybe the ddns requirement could be removed from the default ad-backend? Steve
sssd-users@lists.fedorahosted.org