[Samba] Samba 4 Bind DNS on CentOS 7
Brady, Mike
mike.brady at devnull.net.nz
Fri Aug 21 03:45:18 UTC 2015
On 2015-08-21 14:11, Brady, Mike wrote:
> On 2015-08-21 12:52, John Gardeniers wrote:
>> Hi Brady,
>>
>> I realise that but the only named.conf to be found on the system is my
>> newly created /etc/named.conf. Either something screwed up when
>> installing the Sernet RPMs, which is really pretty unlikely given that
>> everything else is working, or the file was not included in the
>> package.
>>
>> regards,
>> John
>>
>>
>> On 21/08/15 10:16, Brady, Mike wrote:
>>> On 2015-08-21 11:18, John Gardeniers wrote:
>>>> Can anyone point me to instructions for setting up Bind to work with
>>>> Samba 4 on CentOS 7? I know there are some instructions at
>>>> https://wiki.samba.org/index.php/DNS_Backend_BIND but they're
>>>> incomplete when using the Sernet repo. In particular, it refers to
>>>> 'include "/usr/local/samba/private/named.conf";' but that file
>>>> doesn't
>>>> exist at any location on my system.
>>>>
>>>> Is this a generic file that I can copy from some other
>>>> place/system/person, or is it a dynamically generated, system
>>>> specific, file created during the install? I thought I might be able
>>>> to set up an Ubuntu server and grab it from there but, like CentOS,
>>>> samba-ad doesn't exist in the standard repos, which puts me back at
>>>> Sernet, with nothing gained. Is there a distro which actually has
>>>> samba-ad in the standard repos?
>>>>
>>>> regards,
>>>> John
>>> Sernet packages on CentOS 7 use /var/lib/samba/private for those
>>> files.
>>>
>
> John
>
> I have multiple Sernet 4.2/CentOS 7 DCs installed using Bind and they
> all have a /var/lib/samba/private/named.conf. I do not know if the
> named.conf is installed by the package or is generated. The file
> isn't owned by any package, so I assume that it is generated by either
> the provision or when configuring the DC to use Bind.
>
> That particular file is not unique to each install. For CentOS 7 it
> contains
>
>>>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
> #
> # This file should be included in your main BIND configuration file
> #
> # For example with
> # include "/var/lib/samba/private/named.conf";
>
> #
> # This configures dynamically loadable zones (DLZ) from AD schema
> # Uncomment only single database line, depending on your BIND version
> #
> dlz "AD DNS Zone" {
> # For BIND 9.8.x
> # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
>
> # For BIND 9.9.x
> database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
>
> # For BIND 9.10.x
> # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
> };
>>>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> but if you do not have the file, then there is something wrong with
> your install and/or provision and you may well be missing other
> files.
>
> My /var/lib/samba/private contains
>
> [root at dc03 private]# ll
> total 14536
> drwxrwx--- 3 root named 4096 Aug 3 11:48 dns
> -rw------- 1 named named 862 Jun 18 13:19 dns.keytab
> -rw------- 1 root root 2073 Jun 3 12:26 dns_update_cache
> -rw-r--r-- 1 root root 3183 Jun 3 12:17 dns_update_list
> -rw------- 1 root root 1286144 Jun 3 12:17 hklm.ldb
> -rw------- 1 root root 3366912 Aug 3 12:33 idmap.ldb
> -rw------- 1 root root 1609728 Jun 17 11:15 idmap.ldb.old
> -rw-r--r-- 1 root root 101 Jun 3 12:17 krb5.conf
> srwxrwxrwx 1 root root 0 Aug 18 16:01 ldapi
> drwxr-x--- 2 root root 4096 Aug 18 16:01 ldap_priv
> -rw-r--r-- 1 root root 633 Jun 18 13:19 named.conf
> -r--r--r-- 1 root root 310 Jul 2 11:00 named.conf.update
> -rw-r--r-- 1 root root 2090 Jun 18 13:19 named.txt
> -rw------- 1 root root 696 Aug 18 16:01 netlogon_creds_cli.tdb
> -rw------- 1 root root 1286144 Jun 3 12:17 privilege.ldb
> -rw------- 1 root root 696 Jun 3 12:26 randseed.tdb
> -rw------- 1 root root 4247552 Jun 3 12:17 sam.ldb
> drwxr-x--- 2 root named 4096 Aug 3 11:48 sam.ldb.d
> -rw------- 1 root root 24576 Aug 21 13:39 schannel_store.tdb
> -rw------- 1 root root 1237 Jun 3 12:17 secrets.keytab
> -rw------- 1 root root 1286144 Jun 18 13:19 secrets.ldb
> -rw------- 1 root root 425984 Jun 3 12:26 secrets.tdb
> -rw------- 1 root root 1286144 Jun 3 11:41 share.ldb
> drwxr-xr-x 3 root root 4096 Jun 3 12:26 smbd.tmp
> -rw-r--r-- 1 root root 955 Jun 3 12:17 spn_update_list
> drwx------ 2 root root 4096 Jun 3 12:26 tls
>
>
> I will be installing (but not provisioning) a couple of new DCs in a
> couple of hours from now. I will have a look and see if the file is
> deployed as part of the install.
>
> Regards
>
> Mike
Immediately after installation /var/lib/samba/private is empty. So
everything in it is "generated", I assume by the provision.
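
Added example, not part of the thread and not Samba or Sernet tooling: a shell check that the DLZ include quoted above has exactly one uncommented `database` line and that it is the module the file lists for the running BIND series. The function names, the sample file and the BIND version 9.9.4 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: check the Samba DLZ include against BIND.

# Module name per BIND series, as listed in the named.conf quoted above.
expected_dlz_module() {
    case "$1" in
        9.8.*)  echo dlz_bind9.so ;;
        9.9.*)  echo dlz_bind9_9.so ;;
        9.10.*) echo dlz_bind9_10.so ;;
        *)      return 1 ;;  # series not covered by the quoted file
    esac
}

# Print the module file name of each uncommented database "dlopen ..." line.
active_dlz_modules() {
    sed -n 's/^[[:space:]]*database[[:space:]]*"dlopen[[:space:]]*\([^"]*\)".*/\1/p' "$1" |
        sed 's|.*/||'
}

# check_dlz FILE BIND_VERSION: 0 = match, 1 = wrong/ambiguous, 2 = unknown series.
check_dlz() (
    want=$(expected_dlz_module "$2") || { echo "unknown BIND series: $2"; exit 2; }
    have=$(active_dlz_modules "$1")
    count=$(printf '%s\n' "$have" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "need 1 active database line, found $count"; exit 1; }
    [ "$have" = "$want" ] || { echo "active $have, but BIND $2 needs $want"; exit 1; }
    echo "ok: $have"
)

# Constructed sample input: the dlz stanza from the thread, written to FILE.
write_sample_conf() {
    cat > "$1" <<'EOF'
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";

    # For BIND 9.9.x
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";

    # For BIND 9.10.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
};
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_dlz "$sample" 9.9.4      # BIND version here is a constructed value
rm -f "$sample"
```

On a real DC the first argument would be the provisioned include file and the second the version reported by the installed BIND.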