Hello Mark, thanx a lot for your feedback.
the rule that works at the moment for only ONE client: grant WS-YBCL150939\$\@EXAMPLE.TEST subdomain example.test. ANY; Because bind support both it should also work with: grant ws-ybcl150...@example.test subdomain example.test. ANY; right? But for any reason it dont. When I use that form I get a refuse. I hope that in that form I could use the syntax: grant *@EXAMPLE.TEST subdomain example.test. ANY; to mach all Clients from EXAMPLE.TEST that have a valid key from Active Directory. thanx a lot, cheers, 2011/5/11 Mark Andrews <ma...@isc.org> > > In message <BANLkTim7k4KYxYoz=awj9mwtczvxb32...@mail.gmail.com>, Juergen > Dietl > writes: > > Hello Mark, > > > > thanx for your anwer. > > > > Your first sentence maybe help me to understand why this is the > client=B4s > > credential that it needs in the rule: > > > > WS-YBCL150939\$\@EXAMPLE.COM > > > > So fist is the hostname then the slash makes the $-sign just to be a > normal > > letter and not variable for example, and the @example.com is the rest of > ho= > > w > > windows uses the sort of identity. > > machinename$@EXAMPLE.COM <http://example.com/> > > You don't need the backslashes in 9.8, earlier versions still need > the backslashes. $ and @ are special characters in master files > which is why they were escaped. We added name -> principle routines > in 9.8 which don't do unnecessary escapes. > > > Is it normal that I have to put in the Windows identity in the named.conf > > and not the kerberus identity? > > > > So WS-YBCL150939\$\@EXAMPLE.COM and NOT host/ws-ybcl150...@example.com. > > It depends on the network. > > > What is host .....? I just know the principal as Service-Principal and > ther= > > e > > its normally > > for example: DNS/lxdns10t.prim-dns.test1.t...@example.test > > > > thanx a lot for all your help, > > cheers, > > There are multiple conventions. Windows does it one way. MIT does > it a different way. named has code for both. > > Mark > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
