LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Register on Windows DNS Without Joining Active Directory Domain (http://www.linuxquestions.org/questions/linux-server-73/register-on-windows-dns-without-joining-active-directory-domain-834061/)

jfmorales 09-23-2010 01:17 PM

Register on Windows DNS Without Joining Active Directory Domain
 
Can a Linux system use Samba to register on a Windows DNS without joining the Windows Active Directory domain?

If so, does this require the Windows DNS server to allow nonsecure dynamic updates? Or is there some way to pass credentials with the DNS registration even though the Linux client is not in an Active Directory domain?

Thanks in advance for any advice.

jamrock 09-23-2010 02:11 PM

It is a good security practice to allow only secure dynamic updates on Windows domains. This means that the DNS server only accepts updates from machines that are members of the domain.

Accepting updates from machines that are not members of the domain is a big security risk. An administrative password is required to join a machine to a domain. This provides some level of control to ensure that only safe machines are updating DNS.

Is your Samba machine a server? Would it be okay to use a fixed address for it?

jfmorales 09-23-2010 03:02 PM

jamrock, Thanks for your reply.
>> It is a good security practice to allow only secure dynamic updates on Windows domains.

That makes sense. Is it possible for a Linux Samba client to register securely in Windows DNS without joining the Active Directory domain? I'm not sure how the credentials would be supplied or evaluated in that case.

>> Is your Samba machine a server? Would it be okay to use a fixed address for it?

We're talking about Linux systems that are running just a Samba client and need to register in Windows DNS.

Thanks, Joseph

jamrock 09-23-2010 08:07 PM

I don't think it is even possible for Windows clients to do secure dynamic updates without being a part of the Windows domain.

I have never tried doing dynamic updates of Windows DNS with a Samba client.

Take a look at this document
http://technet.microsoft.com/en-us/l...8WS.10%29.aspx
Quote:

Secure dynamic update restricts DNS zone updates to only those computers that are authenticated and joined to the Active Directory domain where the DNS sever is located, and to the specific security settings defined in the ACLs for the DNS zone.


All times are GMT -5. The time now is 03:44 AM.