[Samba] Samba Internal DNS vs. BIND_DLZ

Robert Moskowitz rgm at htt-consult.com
Thu Aug 27 21:20:41 UTC 2015



On 08/27/2015 05:10 PM, Rowland Penny wrote:
> On 27/08/15 22:00, Robert Moskowitz wrote:
>> Ah, LDAP is included within Samba, I find.  Don't install provided 
>> one...
>>
>> I suppose I will have to find what schemas, particularly if the bind 
>> dlz schema is included?
>
> ER, you don't actually need to add any extra schemas, it is all built 
> into samba4 when run as an AD DC, if you are struggling to understand 
> this, just think a windows AD DC but running on Linux.

I abandoned Win servers around the time of Win2000!  No AD experience 
here!  I still run my home as an NT Domain; I am trying to get with the 
future here.

> The next thing to understand is if you want an AD DC and want to use 
> an rpm based OS (centos, clearos etc) then you cannot use the distro 
> packages, at the moment, there aren't any. What you can use are the 
> packages supplied by Sernet: http://www.samba.plus/home/

That is why I have had help building the sernet 4.2 for my distro. Yes, 
this is a Centos 7 system.  And more, it is the development distro for 
C7-armv7l.  So some stuff is not present.  But my sernet 4.2 rpms 
were built on the QEMU server they are using for all this work.

ERGO, I SHOULD have everything in some place resembling where sernet 
puts it.

>
> This is not a bad thing really, as you get more up-to-date versions, 
> 4.2.3 at the moment

For now we will have to build our own.  If I show this to be viable, 
perhaps we can automate it.

>
> Rowland
>>
>> On 08/27/2015 04:56 PM, Robert Moskowitz wrote:
>>>
>>>
>>> On 08/27/2015 04:52 PM, Rowland Penny wrote:
>>>> On 27/08/15 21:42, Robert Moskowitz wrote:
>>>>>
>>>>>
>>>>> On 08/27/2015 04:37 PM, Rowland Penny wrote:
>>>>>> On 27/08/15 21:23, Robert Moskowitz wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 08/27/2015 04:18 PM, Marc Muehlfeld wrote:
>>>>>>>> Hello Jim,
>>>>>>>>
>>>>>>>> On 27.08.2015 at 21:49, Jim Seymour wrote:
>>>>>>>>>      BIND would be the auth nameserver for example.com and 
>>>>>>>>> delegate
>>>>>>>>>      the samdom.example.com zone to the Samba DNS running on 
>>>>>>>>> the second
>>>>>>>>>      (virtual) interface
>>>>>>>>>
>>>>>>>>>      Samba is the auth nameserver for samdom.example.com
>>>>>>>> If you're already having BIND running, you're just one step 
>>>>>>>> away from
>>>>>>>> including the AD DNS domain as additional domain via DLZ.
>>>>>>>> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9 
>>>>>>>>
>>>>>>>>
>>>>>>>> What's wrong with that?
>>>>>>>
>>>>>>> It says:
>>>>>>>
>>>>>>> include "/usr/local/samba/private/named.conf";
>>>>>>>
>>>>>>> This file does not exist on my sernet 4.2 installation.
>>>>>>>
>>>>>>> In fact, I do not have a /usr/local/samba directory.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> It now also says (at the top):
>>>>>>
>>>>>> As this HowTo is based around a compiled install, the PATHs refer 
>>>>>> to '/usr/local/samba' as a base. If you are using packages from 
>>>>>> your OS or Sernet, this PATH will most likely not exist, you will 
>>>>>> need to find the relevant files on your system, try starting with 
>>>>>> '/var/lib/samba'.
>>>>>
>>>>> Oh this is soooo much fun!  Not..
>>>>>
>>>>>> I also use Sernet Samba 4.2.3 on one of my DCs and the required 
>>>>>> named.conf is in /var/lib/samba/private/
>>>>>
>>>>> Empty dir.
>>>>
>>>> OK, how did you provision samba4 as a DC ?
>>>> I believe that /var/lib/samba/private is empty until the domain is 
>>>> provisioned, at which point it should look like this:
>>>>
>>>> dns               ldapi                   randseed.tdb        share.ldb
>>>> dns.keytab        ldap_priv               sam.ldb             smbd.tmp
>>>> dns_update_cache  named.conf              sam.ldb.d           spn_update_list
>>>> dns_update_list   named.conf.update       schannel_store.tdb  tls
>>>> hklm.ldb          named.txt               secrets.keytab
>>>> idmap.ldb         netlogon_creds_cli.tdb  secrets.ldb
>>>> krb5.conf         privilege.ldb           secrets.tdb
>>>
>>> I am still reading all the wiki info, making notes and looking for 
>>> stuff.  No provisioning yet.  I suppose since this build is a 
>>> throwaway one, I should do that.
>>>
>>> I still have to figure out what ldap rpms to install, along with dhcp!
>>>
>>> Quite a bit to go.  Perhaps I am getting too bogged down in DNS, as 
>>> I THINK I should know that part up until dlz.
>>>
>>>>
>>>> Rowland
>>>>
>>>>
>>>>
>>>>>
>>>>>> , it is also in /usr/share/samba/setup/ but called named.conf.dlz
>>>>>
>>>>> Ah there it (and others) are!
>>>>>
>>>>> thanks
>>>>>
>>>>
>>>>
>>>
>>>
>>
>
>
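
The path hunt in this thread, written out as an added example that is not part of the original messages or of Samba itself: a shell check that tells a provisioned private directory apart from an empty one and from a template-only install, and prints the BIND include line once named.conf exists. The function names and the `root` prefix argument are hypothetical; the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: locate the named.conf that BIND must include for BIND_DLZ.
# The optional first argument is a hypothetical root prefix, used only so the
# check can run against a constructed directory tree; omit it on a real host.

# Private dirs named in the thread: compiled install first, then packages.
PRIVATE_DIRS="/usr/local/samba/private /var/lib/samba/private"
# Template location named in the thread for the Sernet packages.
TEMPLATE="/usr/share/samba/setup/named.conf.dlz"

find_dlz_conf() {
    root="${1:-}"
    seen_private=""
    for d in $PRIVATE_DIRS; do
        if [ -f "$root$d/named.conf" ]; then
            echo "provisioned:$d/named.conf"
            return 0
        fi
        if [ -d "$root$d" ]; then
            seen_private="$d"
        fi
    done
    if [ -n "$seen_private" ]; then
        # Directory exists without named.conf: domain not provisioned yet.
        echo "unprovisioned:$seen_private"
        return 1
    fi
    if [ -f "$root$TEMPLATE" ]; then
        # Only the packaged template is present; it is not the live file.
        echo "template-only:$TEMPLATE"
        return 2
    fi
    echo "not-found"
    return 3
}

# Print the line to add to BIND's named.conf, or fail if not provisioned.
dlz_include_line() {
    result=$(find_dlz_conf "${1:-}") || return 1
    printf 'include "%s";\n' "${result#provisioned:}"
}
```

The printed path is relative to the real filesystem root, so the include line is correct even when a test prefix was used for the lookup.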



