[Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover

Nico Kadel-Garcia nkadel at gmail.com
Tue Aug 10 18:22:36 MDT 2010


On Mon, Aug 9, 2010 at 10:10 AM, Daniel Müller <mueller at tropenklinik.de> wrote:
>
> centOs5.5/samba4/named  here is a short guide setting it up to work.
> First of all do not install the bind package coming with centos 5.5!!
>
> Install needs for samba
>
> yum install libacl*  gnutls* readline* python* gdb* autoconf*
>
> Named installation:
> Here is a description on what to do:
> http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
> The steps,

Thanks for the pointer.  I do have some strong suggestions for you.

* Never build RPM's as root. Always do them as a user. This takes
setting up your $HOME/.rpmmacros, but it's far safer and helps prevent
badly written or erroneous .spec files from accidentally doing "rm -rf
/" or modifying your installed system files. (I just published patches
to an upstream package maintainer to prevent exactly this sort of
accidental local modification in the build process.) I'd be happy to
publish notes for it.

* If possible, build RPM's with the "mock" tool. This assures that
you're building them with a clean build environment, rather than with
locally modified libraries, or if you need local modifications you've
identified them all. Again, I'd be happy to publish notes.

> yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel mysql-devel krb5-devel xmlto

Simply doing "yum -y install rpmbuild", then "rpmbuild --rebuild
samba-*.src.rpm" should identify the dependencies for the existing
samba packages or any *.src.rpm you work with.

> For named to compile correctly you need these 2 packages too:
>
> yum -y install curl*
>
> download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

EPEL is great, and also available at
ftp://mirrors.kernel.org/fedora-epel/5/. And whether to use i386 or
x86_64 depends on your architecture. And EPEL changes versions and
discards old ones without announcements, so your needed tool may
change behind your back.

Better to install the "epel-release" RPM from the same repository, and
disable the /etc/yum.repos.d/epel.repo if you don't want it on by
default, but use it as needed to more gracefully install and update
such packages.

Also, "dnssec-conf" has been obsoleted in the EPEL repository by
"unbound", which I assume will also work.

> cd /usr/src/redhat/SRPMS
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm
>
>
> cd /usr/src/redhat/SRPMS
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
> wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm
> rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm


Fedora 13 is out. But this doesn't work with either Fedora 12 or 13
packages, unless you've separately updated your RPM to be compatible
with current Fedora releases. That's fairly awkward to do.

To work around that, you need to extract the files and drop them in
place manually. If you use .rpmmacros, it looks like this:

    cd "$HOME/rpm/SOURCES"
    for name in ../SRPMS/bind-9.6.*.src.rpm; do
        # Unpack the SRPM payload (sources, patches, spec) into SOURCES
        rpm2cpio "$name" | cpio -i
        mv bind.spec ../SPECS/bind.spec
        # Re-wrap it as a source RPM that the local rpm can read
        rpmbuild -bs --nodeps ../SPECS/bind.spec
    done
    rpmbuild --rebuild ../SRPMS/bind-9.6-[whatever].el5.src.rpm

> cd /usr/src/redhat/SPECS
> rpmbuild -ba ./bind.spec
>
> The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or /usr/src/redhat/RPMS/x86_64/ depending on your Arch.
>
> rpmbuild -ba ./dnssec-conf.spec
>
> The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

Which is now unnecessary, due to the availability of dnssec-conf's
successor in EPEL.

> cd /usr/src/redhat/RPMS/*86*
> rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm ../noarch/dnssec-conf-1.21-*.noarch.rpm
>
> Now bind is installed, config file in /etc/named.conf. I disabled in options:
> //dnssec-enable yes;
> //dnssec-validation yes;
> //dnssec-lookaside . trust-anchor dlv.isc.org.;
>
> To make bind work you have to add user named to the group named.
> Set the rights to make named work correctly
> chmod 770 /etc/named.conf
> chmod 770 /etc/named.rfc1912.zones
> chown root:named /etc/named.conf
> chown named:named /etc/named.rfc1912.zones
> chmod -R 770 /var/named
> chown -R named:named /var/named
> chown named:named /etc/rndc.key
> chown named:named /var/run/named/

named is already there from your installations of the bind RPM. Look
in the '%post' commands.

I'm going to take a break here, before getting into building Samba 4
itself. While your guidelines are helpful, I'm afraid they're off the
beaten path for RPM based installations, and I'd like to  encourage
you to update them.
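
The non-root build setup recommended in the message above, as an added example that is not part of the original post. The `$HOME/rpm` layout follows the paths used in the message; the function names `setup_rpm_tree` and `rpm_topdir` and the optional uid argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prepare a per-user rpmbuild tree so SRPMs are never built as root.
# The rpm/{SOURCES,SPECS,SRPMS} layout matches the message above; the function
# names and the uid argument are assumptions made for this example.

# setup_rpm_tree HOME_DIR [UID]
# Creates HOME_DIR/rpm/{BUILD,RPMS,SOURCES,SPECS,SRPMS} and points %_topdir at it.
setup_rpm_tree() {
    home_dir=$1
    uid=${2:-$(id -u)}

    # Refuse to prepare a build tree for root: a bad .spec run as root can
    # modify or delete installed system files.
    if [ "$uid" -eq 0 ]; then
        echo "refusing to set up an RPM build tree for root" >&2
        return 1
    fi

    for d in BUILD RPMS SOURCES SPECS SRPMS; do
        mkdir -p "$home_dir/rpm/$d" || return 1
    done

    macros=$home_dir/.rpmmacros
    # Keep an existing %_topdir rather than appending a second, conflicting one.
    if [ -f "$macros" ] && grep -q '^%_topdir[[:space:]]' "$macros"; then
        return 0
    fi
    printf '%%_topdir %s/rpm\n' "$home_dir" >> "$macros"
}

# rpm_topdir HOME_DIR
# Prints the %_topdir configured in HOME_DIR/.rpmmacros (empty if none).
rpm_topdir() {
    [ -f "$1/.rpmmacros" ] || return 0
    sed -n 's/^%_topdir[[:space:]][[:space:]]*//p' "$1/.rpmmacros" | head -n 1
}

# Demonstration in a throwaway directory (constructed sample, uid 1000 assumed).
demo_home=$(mktemp -d)
setup_rpm_tree "$demo_home" 1000 && echo "topdir: $(rpm_topdir "$demo_home")"
rm -rf "$demo_home"
```

For a real account, call `setup_rpm_tree "$HOME"` as the build user; the uid then defaults to the output of `id -u`.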

