[Samba] More on bind_dlz - documentation I have not found

Robert Moskowitz rgm at htt-consult.com
Fri Aug 28 13:13:22 UTC 2015 


On 08/28/2015 08:55 AM, Rowland Penny wrote:
> On 28/08/15 13:15, Robert Moskowitz wrote:
>> In the shower this morning, I realized that samba's dlz is through 
>> its ldap interface, probably through dhcp.  :)
>>
>> All of that work researching how to set up a dlz database for 
>> naught.  This is NOT documented in either:
>>
>> https://wiki.samba.org/index.php/DNS
>> or
>> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD
>
> I will discuss this with Marc and if he agrees, I will update the wiki 
> somewhere, I don't want to start altering the wiki because Marc is 
> already massively altering it.

I caught that Marc is updating the wiki.  Good time to catch this item.

>
>>
>> I have not yet checked any ldap documentation on the wiki to see what 
>> it says, but I suspect a dhcp lease results in an ldap update. Would 
>> a lease expire remove that ldap info?
>>
>> So no sql service needed on the DC.
>>
>> Question though, on statically addressed file servers:  How to get 
>> them into the dlz zone.
>>
>> My tld is:                        htt
>> My samba dns zone is:  home.htt
>>
>> I will have a master zone for htt, easy enough to setup as a flat 
>> zone file.  Did it before.
>>
>> The home.htt zone only seems to exist in ldap and bind_dlz provides 
>> lookup answers by querying ldap.  How is the AD DC handled, 
>> homebase.home.htt?  I do not see it in the 
>> /usr/share/samba/setup/named* files.  Is it already in the ldap 
>> repository?
>
> When you provision the domain zones are created for you in AD, have a 
> look in /var/lib/private/sam.ldb.d

Do you mean /var/lib/samba/private/sam.ldb.d?  That is where I am 
finding files of interest.  I do not have the directory you provided.

And what is the difference between:

/usr/share/samba/setup
and
/var/lib/private

I see named.conf in both.  And the setup has other named.* files.

But the zone htt. is NOT in there, nor would I expect it to be. normally 
MOST people use samba.mydomain.com and mydomain.com is found via the 
forwarding.  Of course there is no proper delegation of 
samba.mydomain.com so other systems cannot resolve that subdomain.  Here 
I am building my own TLD, and want proper access elsewhere in my 
internal network, thus the htt.zone file needed.

BTW, I do not see you using views in your named include files.  From 
what I got beaten up long ago on the DNS list (Mark Andrews and I go 
back a long way in the IETF, so it is 'all in fun') that you MUST use views.

>>
>> How do I add my file server, nevia.home.htt?  I could always add it 
>> to the htt.zone file as:
>
> Samba has a swiss army type tool (i.e. it does a lot) 'samba-tool'
> If you run 'samba-tool --help' you will see the base of what it can do.
> if you run 'samba-tool dns --help' this will show what you can do with 
> dns records, I hope you get the idea.

Will do.

>
>>
>> nevia.home    IN    A    ......
>>
>> Can I put cname entries into ldap:
>>
>> repo.home.htt    IN    CNAME    nevia.home.htt.
>>
>> Again, I COULD just put this into the htt.zone file.
>>
>> Then there are MX records for home.htt  :)
>>
>>
>
> You do not use bind flatfiles with dlz, have a look at the scripts I 
> pointed you at for a sample bind file.
Not for the samba zone, but yes for other zones.

thanks

More information about the samba mailing list