[Samba] Samba 4, DHCP and Bind

Rowland Penny rpenny at f2s.com
Tue Feb 26 02:11:03 MST 2013


On 25/02/13 22:44, Scott Whitten wrote:
> Hi All,
>
> I'm trying to integrate Samba 4 DHCPD and Bind 9.9 into a complete solution.
>
> I'm using the BIND/Samba 4 DLZ plugin.
>
> DHCP by itself works and hands out IP addresses.
>
> What I would like to have happen is the following:
> - PC is joined to the Samba 4 domain (this works)
> - PC gets an IP via DHCPD
> - DHCP or the PC registers the IP in BIND
>
> Network PCs should resolve cleanly when pinging pc01.office.local
>
> My logs are full of messages along the lines of:
> Feb 25 14:36:24 knottypine named[22655]: samba_dlz: starting transaction on
> zone office.local
> Feb 25 14:36:24 knottypine named[22655]: client 192.168.65.101#57781:
> update 'office.local/IN' denied
> Feb 25 14:36:24 knottypine named[22655]: samba_dlz: cancelling transaction
> on zone office.local
>
> Clearly I'm missing something but not sure what exactly.
>
> Thanks for any suggestions you might have.
>
> For reference... here are my various config files:
> ======================================================================
> smb.conf
> ---
> # Global parameters
> [global]
>          server role = active directory domain controller
>          workgroup = OFFICE
>          interfaces = eth0
>          bind interfaces only = yes
>          realm = office.local
>          netbios name = KNOTTYPINE
>          passdb backend = samba4
>          idmap_ldb:use rfc2307 = yes
>          allow dns updates = True
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/office.local/scripts
>          read only = No
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
> [IPC$]
>          path = /tmp
>          read only = No
>
> [Data]
>      path = /u0/sambashares/data
>      read only = no
> ======================================================================
> ddns-update-style ad-hoc;
> allow unknown-clients;
>
> subnet 192.168.65.0 netmask 255.255.255.0 {
>
> # --- default gateway
>          option routers                  192.168.65.1;
>          option subnet-mask              255.255.255.0;
>
>          option domain-name              "office.local";
>          option domain-name-servers      192.168.65.2;
>
>          option netbios-name-servers     192.168.65.2;
>          option netbios-node-type 2;
>
>          default-lease-time 21600;
>          max-lease-time 43200;
>          allow unknown-clients;
>
>          range 192.168.65.100 192.168.65.150;
> }
> ======================================================================
>
> //
> // sample BIND configuration file
> //
> acl mynet {
>          192.168.65.0/24;
>          127.0.0.1;
> };
>
> options {
>    listen-on { 127.0.0.1; 192.168.65.0/24; };
>    allow-query { 192.168.65.0/24; localhost; };
>    allow-recursion { 192.168.65.0/24; localhost; };
>    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>    forwarders {8.8.8.8;};
> };
>
> // Where the localhost hostname is defined
> zone "localhost" IN {
>    type master;
>    file "/etc/namedb/zone.localhost";
>    allow-update { none; };
> };
>
> // Where the 127.0.0.0 network is defined
> zone "0.0.127.in-addr.arpa" IN {
>    type master;
>    file "/etc/namedb/revp.127.0.0";
>    allow-update { none; };
> };
>
> zone "65.168.192.in-addr.arpa" {
>          type master;
>          file "/etc/namedb/192.168.65.0.rev";
>          allow-query {
>                  mynet;
>          };
>          allow-transfer {
>                  mynet;
>          };
>          allow-update {
>                  mynet;
>          };
> };
>
> include "/usr/local/samba/private/named.conf";

Hi, you appear to be trying to get DHCP to carry out the updates
directly. This does not work, or at least I could not get it to work.
Try starting here:
http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
This works for me: Ubuntu 12.04, DHCP, Bind 9.9.1 and a version of the
script found on Michael Kuron's webpage.

Rowland
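
The script-based route suggested in the reply, as an added example (not the script from the linked page and not code from either poster): a POSIX shell helper that validates the client-supplied hostname and lease IP, then emits the nsupdate batch for the forward and reverse records. Assumptions: the batch is piped to `nsupdate -g` after a `kinit`, and the TTL, principal and keytab path are placeholders; the server address and zone are taken from the quoted configs.

```shell
#!/bin/sh
# Added example, not the script from the linked blog post.
DNS_SERVER="192.168.65.2"   # from the dhcpd.conf quoted in the thread
ZONE="office.local"         # from the thread
TTL=3600                    # assumed value

# A single DNS label only: the DHCP client chooses this string, so treat it
# as untrusted before it reaches an nsupdate batch.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4, each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the nsupdate batch for "add" or "delete"; non-zero status on bad input.
build_update() {
    action=$1; ip=$2; host=$3
    case "$action" in add|delete) ;; *) return 1 ;; esac
    valid_label "$host" && valid_ipv4 "$ip" || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    fqdn="$host.$ZONE"; ptr="$4.$3.$2.$1.in-addr.arpa"
    echo "server $DNS_SERVER"
    echo "update delete $fqdn A"
    [ "$action" = add ] && echo "update add $fqdn $TTL A $ip"
    echo "send"                 # forward and reverse zones need separate sends
    echo "update delete $ptr PTR"
    [ "$action" = add ] && echo "update add $ptr $TTL PTR $fqdn."
    echo "send"
}

# Hook usage (principal and keytab path are placeholders):
#   kinit -k -t /path/to/dhcp.keytab dhcp-updater@OFFICE.LOCAL
#   build_update add 192.168.65.101 pc01 | nsupdate -g
```

Rejecting anything that is not a plain label keeps a hostile DHCP client from smuggling extra `update` lines into the batch through its hostname option.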

