[Samba] samba4 internal dns Server ddns for the reverse lookup Zone

Markus Roth markusroth1983 at gmx.net
Fri Aug 15 16:02:49 MDT 2014


Hi Steve,

Update:
I now have an sssd.conf with which the sssd daemon starts. But I also get
the denied messages in the forward and reverse lookup before samba4 does the
successful ddns updates. Here are my configuration files:

----------------------------------------------------------------------------
---------------------------------------------------------------------------

Sssd.conf:
[sssd]
config_file_version = 2
domains = winnet.local
services = nss, pam
debug_level = 0

[nss]

[pam]

[domain/winnet.local]
ldap_referrals = false
enumerate = false

id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap
ldap_schema = rfc2307bis

#ldap_user_search_base = ou=user accounts,dc=ad,dc=example,dc=com
#ldap_user_object_class = user

ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName

#ldap_group_search_base = ou=groups,dc=ad,dc=example,dc=com
#ldap_group_object_class = group

ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
krb5_realm = WINNET.LOCAL
krb5_canonicalize = false

----------------------------------------------------------------------------
---------------------------------------------------------------------------

/etc/named.conf

options {
	listen-on port 53 { 127.0.0.1; 192.168.178.130; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 192.168.178.0/24; };
	allow-recursion	{ localhost; 192.168.178.0/24; };
	forwarders	{ 8.8.8.8; 8.8.4.4; };
	tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include  "/usr/local/samba/private/named.conf";

----------------------------------------------------------------------------
---------------------------------------------------------------------------

Smb.conf

# Global parameters
[global]
	workgroup = WINNET
	realm = WINNET.LOCAL
	netbios name = SERVER1
	server role = active directory domain controller
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
	idmap_ldb:use rfc2307 = yes

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/winnet.local/scripts
	read only = No

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No

----------------------------------------------------------------------------
---------------------------------------------------------------------------

-----Original Message-----
From: Markus Roth [mailto:markusroth1983 at gmx.net] 
Sent: Friday, 15 August 2014 22:11
To: 'steve'
Cc: 'samba at lists.samba.org'
Subject: RE: [Samba] samba4 internal dns Server ddns for the reverse lookup
Zone

Hi Steve,

I had set up a new CentOS 7 test environment with sssd 1.11 so I can use your
link instead of an ldap configuration and followed your steps below. But
sssd won't start. I only get the following messages in /var/log/messages:

Aug 15 22:08:11 server1 sssd: Starting up
Aug 15 22:08:11 server1 sssd[be[winnet.local]]: Starting up
Aug 15 22:08:11 server1 sssd[be[winnet.local]]: Starting up
Aug 15 22:08:13 server1 sssd[be[winnet.local]]: Starting up
Aug 15 22:08:16 server1 sssd[pam]: Starting up
Aug 15 22:08:16 server1 sssd[nss]: Starting up
Aug 15 22:08:16 server1 sssd[pam]: Starting up
Aug 15 22:08:16 server1 sssd[nss]: Starting up
Aug 15 22:08:17 server1 sssd[be[winnet.local]]: Starting up
Aug 15 22:08:17 server1 systemd: sssd.service: control process exited, code=exited status=1
Aug 15 22:08:17 server1 systemd: Failed to start System Security Services Daemon.
Aug 15 22:08:17 server1 systemd: Unit sssd.service entered failed state.

I had manually generated an sssd.conf under /etc/sssd. I installed sssd with
the yum package manager. I configured sssd.conf like in your link:

[sssd]
services = nss, pam
config_file_version = 2
domains = winnet.local
[nss]
[pam]
[domain/winnet.local]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

What am I still doing wrong?



-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of steve
Sent: Thursday, 14 August 2014 13:43
To: Markus Roth
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup
Zone

On Thu, 2014-08-14 at 12:45 +0200, Markus Roth wrote:
> Hi Steve,
> 
> Thanks a lot :-) Do I understand that correctly that I have to install bind9
> and compile samba4 and follow your howto and then configure samba4 with the
> RFC 2307 and bind9 dlz?
> 
Hi Markus
No, it's not as complicated as that. You can use the existing DNS databases.
1. Install bind9
2. edit /etc/named.conf (or the files under /etc/bind on debian) to look
like:
options {
        directory "/var/lib/named";
        managed-keys-directory "/var/lib/named/dyn/";
        forwarders { 192.168.1.1; };
        notify no;
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
include  "/usr/local/samba/private/named.conf";


3. samba_upgradedns --dns-backend=BIND9_DLZ
4. Not sure whether samba updates the permissions these days so check that
the named user has rw on the dns dbs and r on the keytab under
$SAMBAHOME/private
5. Delete the reverse zone (if you added it for the internal dns) and restart
named.
6. re-add the reverse zone
7. _Now_ follow the link for sssd.
HTH,
Steve


> 
> On 14.08.14 at 10:36, steve wrote:
> 
> > On Wed, 2014-08-13 at 23:42 +0200, Markus Roth wrote:
> > > Hi Steve,
> > > 
> > > thanks for your reply. I've found this article on
> > > https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd.
> > > Two questions:
> > > 
> > > 1. Should I only type for the PATH variable on the shell
> > > "PKG_CONFIG_PATH=/usr/local/samba/lib/pkgconfig/"? Or should I edit a
> > > special file to type that into that special file?
> > > 
> > > 2. Next, should I try Method 1 or Method 2?
> > > If I need method 1, do I have to install bind anymore?
> > 
> > Hi Markus
> > 
> > That article is out of date I'm afraid. To make life easier, please grab
> > a recent version of sssd and go from here:
> > http://linuxcostablanca.blogspot.com.es/2014/04/sssd-ad-backend-with-samba4.html
> > 
> > That should solve both your user mapping and ddns queries in one go.
> > 
> > HTH,
> > 
> > Steve
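Step 4 of Steve's list (the named user needs rw on the DNS databases and r on the keytab under $SAMBAHOME/private) is the one most often missed on a hand-built /usr/local/samba install, and a silent failure there looks exactly like denied ddns updates. The script below is an added example, not code from Steve or the Samba project, that checks those permissions; it assumes GNU coreutils (stat -c, id), the thread's /usr/local/samba/private layout, the sam.ldb and sam.ldb.d/*.ldb file names used by Samba's BIND9_DLZ backend, and no POSIX ACLs on the files.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the BIND user can read the
# Samba DNS keytab and read/write the DLZ databases, i.e. step 4 of the list.
# Assumptions: GNU coreutils, no POSIX ACLs, /usr/local/samba/private layout,
# DLZ data in private/dns/sam.ldb and private/dns/sam.ldb.d/*.ldb.

# perm_ok FILE USER NEED   NEED is r, w or rw. Returns 0 if the owner/group/other
# class that applies to USER grants those bits (root's bypass is ignored on purpose).
perm_ok() {
    file=$1 user=$2 need=$3
    info=$(stat -c '%U %G %a' "$file" 2>/dev/null) || return 1
    set -- $info
    owner=$1 group=$2 mode=$3
    mode=${mode#"${mode%???}"}                 # keep the last three octal digits
    if [ "$owner" = "$user" ]; then
        digit=${mode%??}                       # owner class
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        digit=${mode#?}; digit=${digit%?}      # group class
    else
        digit=${mode#??}                       # other class
    fi
    case $need in
        r)  [ $((digit & 4)) -eq 4 ] ;;
        w)  [ $((digit & 2)) -eq 2 ] ;;
        rw) [ $((digit & 6)) -eq 6 ] ;;
        *)  return 2 ;;
    esac
}

# check_samba_dns_perms PRIVATE_DIR BIND_USER   prints each problem, returns 1 on any
check_samba_dns_perms() {
    priv=$1 user=$2 rc=0
    # tkey-gssapi-keytab in named.conf: named only needs to read it
    perm_ok "$priv/dns.keytab" "$user" r ||
        { echo "FAIL: $user cannot read $priv/dns.keytab"; rc=1; }
    # the DLZ databases receive the dynamic updates, so named needs rw on them
    [ -e "$priv/dns/sam.ldb" ] || { echo "FAIL: $priv/dns/sam.ldb missing"; rc=1; }
    for db in "$priv/dns/sam.ldb" "$priv"/dns/sam.ldb.d/*.ldb; do
        [ -e "$db" ] || continue               # unmatched glob
        perm_ok "$db" "$user" rw ||
            { echo "FAIL: $user lacks rw on $db"; rc=1; }
    done
    [ $rc -eq 0 ] && echo "OK: $user can use the DNS keytab and databases"
    return $rc
}

# Usage: sh dnsperms.sh [samba-private-dir] [bind-user]   (defaults shown)
[ $# -eq 0 ] || check_samba_dns_perms "${1:-/usr/local/samba/private}" "${2:-named}"
```

Run it as root after samba_upgradedns and again after any Samba upgrade, since the databases get recreated with the provisioning user's ownership.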

