[Samba] WG: HOWTO centOS 5.5 samba4 dns dynamic update
Daniel Müller
mueller at tropenklinik.de
Mon Jul 26 04:01:45 MDT 2010
Excuse me,
I forgot the provision section!
For all,
after I had several problems making samba4 work as it should on
CentOS 5.5, here is a short guide to setting it up.
First of all do not install the bind package coming with centos 5.5!!
Install the requirements for samba:
yum install libacl* gnutls* readline* python* gdb* autoconf*
Named installation:
Here is a description on what to do:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
The steps,
yum -y install make gcc rpm-build libtool autoconf openssl-devel
libcap-devel libidn-devel libxml2-devel openldap-devel postgresql-devel
sqlite-devel mysql-devel krb5-devel xmlto
For named to compile correctly you need these 2 packages too:
yum -y install curl*
download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm
cd /usr/src/redhat/SRPMS
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm
cd /usr/src/redhat/SRPMS
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm
rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -ba ./bind.spec
The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or
/usr/src/redhat/RPMS/x86_64/ depending on your Arch.
rpmbuild -ba ./dnssec-conf.spec
The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/
cd /usr/src/redhat/RPMS/*86*
rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm \
  ../noarch/dnssec-conf-1.21-*.noarch.rpm
Now bind is installed. The config file is /etc/named.conf.
I disabled in options:
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside . trust-anchor dlv.isc.org.;
To make bind work you have to add user named to the group named.
Set the rights to make named work correctly
chmod 770 /etc/named.conf
chmod 770 /etc/named.rfc1912.zones
chown root:named /etc/named.conf
chown root:named /etc/named.rfc1912.zones   # owner was missing in the mail; root:named assumed, as for named.conf
chmod -R 770 /var/named
chown -R named:named /var/named
Now download and install samba:
url: http://wiki.samba.org/index.php/Samba4/HOWTO
mkdir samba4
cd samba4
rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ .
cd source4
./autogen.sh
./configure.developer
make
make install
Samba4 is now installed in /usr/local/samba
Provision it:
cd /samba4/source4
./setup/provision --realm=samdom.example.com --domain=SAMDOM \
  --adminpass=SOMEPASSWORD --server-role='domain controller'
In my case:
./setup/provision --realm=tuebingen.tst.loc --domain=TUEBINGEN \
  --adminpass=SOMEPASSWORD --server-role='domain controller'
Now you need to add the PATH to root's .bash_profile in /root
--> PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin
which samba must answer: /usr/local/samba/sbin/samba
Now you must set the lib paths:
echo "/usr/local/samba/lib" > /etc/ld.so.conf.d/samba4.conf
The next things to do (named should have read and write access):
cd /usr/local/samba/private
chown named:named krb5.conf
chown -R named:named /usr/local/samba/private/dns
chown named:named named.conf
chown named:named named.conf.update
chown named:named dns.keytab
cp krb5.conf /etc   # this will overwrite the original krb5.conf
cd /etc/sysconfig
vi named
There add a line at the bottom:
KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
export KEYTAB_FILE
Now you must update your /etc/named.conf.
Be sure to have it listen on an IP, not only 127.0.0.1.
Here is mine:
options {
    listen-on port 53 { 127.0.0.1; 192.168.134.27; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    forwarders { 192.168.134.253; };  ##put here your first dns if you have
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/usr/local/samba/private/named.conf";  ####samba4 link
include "/etc/named.rfc1912.zones";
Now you have to put in your globals in /usr/local/samba/etc/smb.conf:
Interfaces=eth0
Now run samba -i -M single
And you are done!!!
samba_dnsupdate --verbose will give you:
[root@node1 etc]# samba_dnsupdate --verbose
Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
Looking for DNS entry CNAME 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc.
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _ldap._tcp.e67cd6da-dbd0-492d-96e2-2dc778abaebe.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.e67cd6da-dbd0-492d-96e2-2dc778abaebe.domains._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.e67cd6da-dbd0-492d-96e2-2dc778abaebe.domains._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.tuebingen.tst.loc.
Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268
Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc.
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc.
Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc.
Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389
Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc.
Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88
Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc.
Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464
No DNS updates needed
Greetings Daniel
-----------------------------------------------
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
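
Added example (not part of the original message, and not Samba project code): the chown steps in the message above hand dns.keytab, which is Kerberos key material, and the other files under /usr/local/samba/private to the named user, so this audit checks ownership, the keytab's mode and the KEYTAB_FILE line after setup. The function names, the ROOT prefix argument and the rule that dns.keytab must carry no permissions for "other" are assumptions made here.

```shell
#!/bin/sh
# Added example: audit the files the HOWTO hands over to the named user.
PRIVATE=usr/local/samba/private   # path from the HOWTO, relative to ROOT

# check_path PATH OWNER SECRET(yes|no): print findings, return 1 if any.
check_path() {
    path=$1 owner=$2 secret=$3 bad=0
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    actual=$(stat -c %U "$path")   # GNU stat, as shipped with CentOS
    mode=$(stat -c %a "$path")
    if [ "$actual" != "$owner" ]; then
        echo "OWNER    $path is owned by $actual, expected $owner"
        bad=1
    fi
    # Assumption: a keytab must carry no permission bits for "other",
    # i.e. the last octal digit of its mode has to be 0.
    if [ "$secret" = yes ]; then
        case $mode in
            *0) ;;
            *)  echo "MODE     $path is $mode (accessible to other users)"
                bad=1 ;;
        esac
    fi
    return $bad
}

# audit_named_files ROOT [OWNER]: return the number of items with findings.
# ROOT is a hypothetical prefix argument; pass "" on the real host.
audit_named_files() {
    root=${1%/} owner=${2:-named} findings=0
    for f in krb5.conf named.conf named.conf.update dns; do
        check_path "$root/$PRIVATE/$f" "$owner" no || findings=$((findings + 1))
    done
    check_path "$root/$PRIVATE/dns.keytab" "$owner" yes || findings=$((findings + 1))
    # The HOWTO points named at the keytab through /etc/sysconfig/named.
    if ! grep -q '^KEYTAB_FILE="/usr/local/samba/private/dns.keytab"' \
            "$root/etc/sysconfig/named" 2>/dev/null; then
        echo "CONFIG   KEYTAB_FILE is not set in $root/etc/sysconfig/named"
        findings=$((findings + 1))
    fi
    return $findings
}
```

On the host itself, run `audit_named_files "" named` as root; the exit status is the number of items that still need fixing.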