[Samba] samba4 internal dns Server ddns for the reverse lookup Zone
Markus Roth
markusroth1983 at gmx.net
Fri Aug 15 16:02:49 MDT 2014
Hi Steve,
Update:
I've now a sssd.conf which can start the sssd.conf daemon. But i also get
the denied messages in the forward and reverse lookup before samba4 do the
successfull ddns updates. Here are my configuration files:
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Sssd.conf:
[sssd]
config_file_version = 2
domains = winnet.local
services = nss, pam
debug_level = 0
[nss]
[pam]
[domain/winnet.local]
ldap_referrals = false
enumerate = false
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap
ldap_schema = rfc2307bis
#ldap_user_search_base = ou=user accounts,dc=ad,dc=example,dc=com
#ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
#ldap_group_search_base = ou=groups,dc=ad,dc=example,dc=com
#ldap_group_object_class = group
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
krb5_realm = WINNET.LOCAL
krb5_canonicalize = false
----------------------------------------------------------------------------
---------------------------------------------------------------------------
/etc/named.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.178.130; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.178.0/24; };
allow-recursion { localhost; 192.168.178.0/24; };
forwarders { 8.8.8.8; 8.8.4.4; };
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/usr/local/samba/private/named.conf";
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Smb.conf
# Global parameters
[global]
workgroup = WINNET
realm = WINNET.LOCAL
netbios name = SERVER1
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/winnet.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
----------------------------------------------------------------------------
---------------------------------------------------------------------------
-----Ursprüngliche Nachricht-----
Von: Markus Roth [mailto:markusroth1983 at gmx.net]
Gesendet: Freitag, 15. August 2014 22:11
An: 'steve'
Cc: 'samba at lists.samba.org'
Betreff: AW: [Samba] samba4 internal dns Server ddns for the reverse lookup
Zone
Hi Steve,
i had setup a new centos7 test environment with sssd 1.11 so i can use your
link instead of an ldap configuration and followed your steps below. But
sssd won't start. I only geht the message under /var/log/messages:
Aug 15 22:08:11 server1 sssd: Starting up Aug 15 22:08:11 server1
sssd[be[winnet.local]]: Starting up Aug 15 22:08:11 server1
sssd[be[winnet.local]]: Starting up Aug 15 22:08:13 server1
sssd[be[winnet.local]]: Starting up Aug 15 22:08:16 server1 sssd[pam]:
Starting up Aug 15 22:08:16 server1 sssd[nss]: Starting up Aug 15 22:08:16
server1 sssd[pam]: Starting up Aug 15 22:08:16 server1 sssd[nss]: Starting
up Aug 15 22:08:17 server1 sssd[be[winnet.local]]: Starting up Aug 15
22:08:17 server1 systemd: sssd.service: control process exited, code=exited
status=1 Aug 15 22:08:17 server1 systemd: Failed to start System Security
Services Daemon.
Aug 15 22:08:17 server1 systemd: Unit sssd.service entered failed state.
I had manually generate a sssd.conf under /etc/sssd. I installed sssd with
yum packet manager. I configured sssd.conf like your link:
[sssd]
services = nss, pam
config_file_version = 2
domains = winnet.local
[nss]
[pam]
[domain/winnet.local]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
what do i still wrong?
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von steve
Gesendet: Donnerstag, 14. August 2014 13:43
An: Markus Roth
Cc: samba at lists.samba.org
Betreff: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup
Zone
On Thu, 2014-08-14 at 12:45 +0200, Markus Roth wrote:
> Hi Steve,
>
> Thanks a lot :-) do i understand that correct that i have to install bind9
and compile samba4 and follow your howto and than configure samba4 with the
RFC 2307 and bind9 dlz?
>
Hi Markus
No, it's not as complicated as that. You can use the existing DNS databases.
1. Install bind9
2. edit /etc/named.conf (or the files under /etc/bind on debian) to look
like:
options {
directory "/var/lib/named";
managed-keys-directory "/var/lib/named/dyn/";
forwarders { 192.168.1.1; };
notify no;
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
include "/usr/local/samba/private/named.conf";
3. samba_upgradedns --dns-backend=BIND9_DLZ 4. Not sure whether samba
updates the permissions these days so check that the named user has rw on
the dns dbs and r on the keytab under $SAMBAHOME/private 5. Delete the
reverse zone (if you added it for the internal dns) and restart named.
6. re-add the reverse zone
7. _Now_ follow the link for sssd.
HTH,
Steve
>
> Am 14.08.14 um 10:36 schrieb steve
>
> > On Wed, 2014-08-13 at 23:42 +0200, Markus Roth wrote:
> >
> > > Hi Steve,
> >
> > >
> >
> > > thanks for your replay. I've found these artikel on
> >
> > > https://wiki.samba.org/index.php/Local_user_management_and_authent
> > > ication/ss
> >
> > > sd. Two questions:
> >
> > >
> >
> > > 1. Sould i only type for the PATH-Variable on the shell "
> >
> > > PKG_CONFIG_PATH=/usr/local/samba/lib/pkgconfig/" ? Or should i
> > > edit a
> >
> > > special file to type that into that special file?
> >
> > >
> >
> > > 2. At next shoould i try Mehtod1 or Method 2?
> >
> > > If i need method1 do i have to install bind anymore?
> >
> >
> >
> > Hi Markus
> >
> > That article is out of date I'm afraid. To make life easier, please
> > grab
> >
> > a recent version of sssd and go from here:
> >
> > http://linuxcostablanca.blogspot.com.es/2014/04/sssd-ad-backend-with
> > -samba4.html
> >
> >
> >
> > That should solve both your user mapping and ddns queries in one go.
> >
> > HTH,
> >
> > Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list