[Samba] samba4+bind on centos
NOC
noc at nieuwland.nl
Tue Jun 11 04:35:10 MDT 2013
On 06/11/2013 12:15 PM, Rowland Penny wrote:
> Have you created the reverse zone? Samba, for some reason, does not
> automatically create it. If I run your command, I get:
>
> IPs: ['192.168.0.2']
> Calling nsupdate for A domain.lan 192.168.0.2
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> domain.lan. 900 IN A 192.168.0.2
>
> and so on ~~~~~
>
> Rowland
>
Hi Rowland,
Do you mean the samba_dnsupdate command?
I don't think the command, when I run it, gets as far as you get.
Where do you propose to create the reverse zone? Statically in bind or
by editing the file /usr/local/samba/private/dns_update_list?
Cheers
Simon
>
> On 11 June 2013 10:54, NOC <noc at nieuwland.nl> wrote:
>
> Hi All
>
> I've started again from scratch, following the wikipage at
> https://wiki.samba.org/index.php/Dns-backend_bind#Bind_9.8_.2F_9.9
>
> I'm using bind 9.8.5-P1 and samba4 master (from yesterday I guess)
>
> compiling from scratch:
> bind: ./configure --with-gssapi=/usr/include/gssapi --with-dlopen=yes
>
> And the given named.conf in /etc/bind/ (as this is where I want
> the config to reside)
>
> I've included the local zones as provided and I modified the named
> in a few places:
> diff orig-named.conf /etc/bind/named.conf
> 6c6
> < directory "/var/named";
> ---
> > directory "/etc/bind";
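Review bot: `directory "/etc/bind"` makes the configuration directory named's working directory, which is where it writes its dump, statistics and journal files, so the user named runs as needs write access there. The wiki's `/var/named` default keeps read-only configuration apart from writable state; if /etc/bind is kept here, it should be writable by the named user and by nobody else.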
> 8c8
> < forwarders { 8.8.8.8; 8.8.4.4; };
> ---
> > forwarders { 172.16.1.12; 172.16.1.18; };
> 16,17c16,18
> < 10.1.1.0/24 <http://10.1.1.0/24>;
> < ...other networks you want to allow to query your
> DNS...;
> ---
> > 192.168.6.0/24 <http://192.168.6.0/24>;
> > 127.0.0.0/8 <http://127.0.0.0/8>;
> > #...other networks you want to allow to query
> your DNS...;
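Review bot: the `<http://192.168.6.0/24>` and `<http://127.0.0.0/8>` tokens after each network in this hunk look like the mail client's link rendering rather than file contents; if they are literally in named.conf the parser rejects them, so the lines should read `192.168.6.0/24;` and `127.0.0.0/8;`. Adding 127.0.0.0/8 to allow-query is needed, since the DC has to query its own BIND over loopback to find its records.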
> 21,22c22,24
> < 10.1.1.0/24 <http://10.1.1.0/24>;
> < ...other networks you want to allow to do
> recursive queries...;
> ---
> > 192.168.6.0/24 <http://192.168.6.0/24>;
> > 127.0.0.0/8 <http://127.0.0.0/8>;
> > #...other networks you want to allow to do
> recursive queries...;
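Review bot: limiting allow-recursion to 192.168.6.0/24 and 127.0.0.0/8 is the right call: with forwarders set to 172.16.1.12 and 172.16.1.18 (hunk 8c8), a wider allow-recursion would turn the DC into an open recursive resolver. The same `<http://...>` residue as in the allow-query hunk applies here; the `#...` placeholder line is a valid named.conf comment and can stay.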
> 24a27,28
> > tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> >
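Review bot: `tkey-gssapi-keytab` only helps if the process running named can read /usr/local/samba/private/dns.keytab, and Samba's private directory is typically root-only; grant the named user read access to that file (not the whole directory) or run named as a user that has it, then check named's log at startup for TKEY/GSSAPI errors. The provision output below points at /usr/local/samba/private/named.txt, which documents exactly this step.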
> 26a31
> > include "/usr/local/samba/private/named.conf";
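Review bot: the included /usr/local/samba/private/named.conf is what actually loads the DLZ module and it is not shown in this diff; since BIND was built with `--with-dlopen=yes` specifically for it, its `database "dlopen ..."` line has to match the installed BIND 9.8, and the report should include that file plus the output of `named-checkconf /etc/bind/named.conf`, so the DLZ side can be reviewed separately from the Kerberos failure.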
>
>
> This is just so bind actually works and the files created by
> provision are included
>
> Provision was done using:
> samba-tool domain provision
> Realm: example
> Domain [example]: example.com
> Server Role (dc, member, standalone) [dc]: dc
> DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> [SAMBA_INTERNAL]: BIND9_DLZ
> Administrator password:
> Retype password:
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=example
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=example
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> See /usr/local/samba/private/named.conf for an example
> configuration include file for BIND
> and /usr/local/samba/private/named.txt for further documentation
> required for secure DNS updates
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated
> at /usr/local/samba/private/krb5.conf
> Once the above files are installed, your Samba4 server will be
> ready to use
> Server Role: active directory domain controller
> Hostname: sambabind02
> NetBIOS Domain: EXAMPLE.COM
> DNS Domain: example
> DOMAIN SID: S-1-5-21-294307859-3325552197-969134079
>
>
> stopped/started bind using the new config file
>
> Then I started /usr/local/samba/sbin/samba -D
>
> Then command:
> # /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
> IPs: ['192.168.6.86']
>
> Traceback (most recent call last):
> File "/usr/local/samba/sbin/samba_dnsupdate", line 511, in <module>
> get_credentials(lp)
> File "/usr/local/samba/sbin/samba_dnsupdate", line 124, in
> get_credentials
> raise e
> RuntimeError: kinit for SAMBABIND02$@EXAMPLE failed (Cannot
> contact any KDC for requested realm)
>
> It appears that samba_dnsupdate tries to get a ticket from the KDC
> that it tries to find using DNS, but the record isn't yet inserted
> in the bind dns database. Is it a chicken/egg problem?
>
> Now either the wiki hasn't been fully tested or it's missing an
> obvious step
>
> Any clues?
>
> /Simon
>
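An added pre-flight script (not from the thread, and not part of Samba) that ties together the KDC-discovery failure Simon describes, Rowland's point about the missing reverse zone, and the keytab path from the named.conf diff: it derives the SRV names kinit will query for the realm (the part after `@` in the kinit error), the in-addr.arpa zone name for the DC's address, and checks that the DC resolves through itself. REALM, DC_IP, KEYTAB and the filename preflight.sh are constructed placeholders; `samba-tool dns zonecreate` is the standard samba-tool command for creating a zone.

```shell
#!/bin/sh
# Pre-flight checks for a Samba AD DC with the BIND9_DLZ backend before
# running samba_dnsupdate. Defaults are constructed placeholders; override
# them in the environment, e.g. REALM=EXAMPLE.COM DC_IP=192.168.6.86.
REALM="${REALM:-EXAMPLE.COM}"                           # realm after '@' in the kinit error
DC_IP="${DC_IP:-192.168.6.86}"                           # the DC's own IPv4 address
KEYTAB="${KEYTAB:-/usr/local/samba/private/dns.keytab}"  # from tkey-gssapi-keytab
NS="${NS:-127.0.0.1}"                                    # resolver the DC must use

# in-addr.arpa zone for the /24 containing $1: 192.168.6.86 -> 6.168.192.in-addr.arpa
# This is the reverse zone samba_dnsupdate needs before it can add a PTR record.
reverse_zone_for() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# SRV names kinit looks up (dns_lookup_kdc) to find a KDC for realm $1.
kdc_srv_names() {
    realm=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '_kerberos._udp.%s\n_kerberos._tcp.%s\n' "$realm" "$realm"
}

# True when every nameserver in resolv.conf $1 is in the allowed list $2
# (space separated). A DC that resolves through some other server never sees
# the AD zone its own BIND/DLZ serves, so KDC discovery fails.
resolv_points_at_self() {
    ok=1
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$1"); do
        case " $2 " in *" $ns "*) ;; *) ok=0 ;; esac
    done
    [ "$ok" = 1 ]
}

# Live checks against the running system; needs dig. Run: sh preflight.sh check
preflight() {
    resolv_points_at_self /etc/resolv.conf "127.0.0.1 $DC_IP" \
        || echo "WARN: /etc/resolv.conf does not point at this DC"
    for srv in $(kdc_srv_names "$REALM"); do
        [ -n "$(dig +short +time=2 +tries=1 SRV "$srv" @"$NS")" ] \
            || echo "WARN: no SRV record for $srv; kinit cannot locate a KDC"
    done
    rz=$(reverse_zone_for "$DC_IP")
    [ -n "$(dig +short +time=2 +tries=1 SOA "$rz" @"$NS")" ] \
        || echo "WARN: reverse zone $rz missing; create it: samba-tool dns zonecreate $DC_IP $rz -U administrator"
    [ -r "$KEYTAB" ] || echo "WARN: $KEYTAB is not readable by $(id -un)"
}

# Without the 'check' argument, just print the names the DC is expected to serve.
if [ "${1:-}" = check ]; then preflight; else kdc_srv_names "$REALM"; reverse_zone_for "$DC_IP"; fi
```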