[Samba] Changing IP Scope on a Samba DC

Peter Pollock peter.pollock at kingschristian.org
Mon Aug 31 22:10:02 UTC 2020


Thanks Rowland.
I need to do a backup before I try any changes so I'll try to get that done
tonight and apply this. Maybe if I can get the DNS right, Zentyal won't be
so unhappy and will actually allow me to update!


On Mon, Aug 31, 2020 at 12:09 PM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 31/08/2020 19:59, Peter Pollock wrote:
> > Yes, it is 192.168.2.0/24
> >
> > Thank you.
>
> OK, try these files:
>
> /etc/bind/named.conf
>
> -----------start---------------
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
> // structure of BIND configuration files in Debian, *BEFORE* you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> ----------end----------------
>
> /etc/bind/named.conf.options
>
> -------------start--------------------
> options {
>          directory "/var/cache/bind";
>          notify no;
>          empty-zones-enable no;
>          allow-query { 127.0.0.1; 192.168.2.0/24; };
>          allow-recursion { 192.168.2.0/24;  127.0.0.1/32; };
>          forwarders {
>                  208.67.222.123;
>                  208.67.220.123;
>          };
>          allow-transfer { none; };
>          dnssec-validation no;
>          dnssec-enable no;
>          dnssec-lookaside no;
>          listen-on-v6 { none; };
>          listen-on port 53 { 192.168.2.8; 127.0.0.1; };
>
>          tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> };
> --------------------end----------------
>
> /etc/bind/named.conf.local
>
> ----------------------start-------------------
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
> // adding the Samba dlopen ( Bind DLZ ) module
> include "/var/lib/samba/bind-dns/named.conf";
> -----------------end------------------
>
> /etc/bind/named.conf.default-zones
>
> -------------------start----------------
> // prime the server with knowledge of the root servers
> zone "." {
>      type hint;
>      file "/usr/share/dns/root.hints";
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
>      type master;
>      file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
>      type master;
>      file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
>      type master;
>      file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
>      type master;
>      file "/etc/bind/db.255";
> };
> ----------------------end---------------------
>
> /var/lib/samba/bind-dns/named.conf
>
> ------------------start--------------------
> # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
> #
> # This file should be included in your main BIND configuration file
> #
> # For example with
> # include "/var/lib/samba/bind-dns/named.conf";
>
> #
> # This configures dynamically loadable zones (DLZ) from AD schema
> # Uncomment only single database line, depending on your BIND version
> #
> dlz "AD DNS Zone" {
>      # For BIND 9.8.x
>      # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
>
>      # For BIND 9.9.x
>      # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
>
>      # For BIND 9.10.x
>      # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
>
>      # For BIND 9.11.x
>      database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
>
>      # For BIND 9.12.x
>      # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_12.so";
> };
> --------------------------end------------------------
>
> They are based on my working Bind9 files and that the Samba keytab etc
> are now in /var/lib/samba/bind-dns. Also that you are using Debian with
> Bind9.11.x
>
> Any questions, please ask.
>
> Rowland

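Added example, not part of the original thread or of Samba/BIND: a small Python check that the access-control lists in a named.conf.options like the one quoted above still match the LAN after the DC's subnet changes, that recursion is not open to any client, and that zone transfers stay disabled. The function names and the embedded sample text are constructed for illustration, and IPv4-only ACLs are assumed.

```python
import ipaddress
import re

# Constructed sample: the access-control lines of the named.conf.options quoted above.
SAMPLE_OPTIONS = """
options {
    allow-query { 127.0.0.1; 192.168.2.0/24; };
    allow-recursion { 192.168.2.0/24;  127.0.0.1/32; };
    allow-transfer { none; };
    listen-on-v6 { none; };
    listen-on port 53 { 192.168.2.8; 127.0.0.1; };
};
"""

def acl(text, name):
    """Elements of the address-match list for option `name`, or None if unset."""
    m = re.search(r"^\s*%s\b(?!-)[^{;]*\{([^}]*)\}" % re.escape(name), text, re.M)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def split_acl(elems):
    """Separate IPv4 addresses/networks from keywords such as any or none."""
    nets, words = [], []
    for e in elems:
        try:
            nets.append(ipaddress.IPv4Network(e, strict=False))
        except ValueError:
            words.append(e)
    return nets, words

def audit(text, lan):
    """Return findings for ACLs that do not match the LAN the DC now serves."""
    text = re.sub(r"(//|#).*", "", text)            # drop comments
    lan = ipaddress.IPv4Network(lan)
    findings = []
    for opt in ("allow-query", "allow-recursion", "listen-on"):
        nets, words = split_acl(acl(text, opt) or [])
        if "any" in words:
            findings.append(f"{opt}: open to any client")
            continue
        if opt != "listen-on" and not any(lan.subnet_of(n) for n in nets):
            findings.append(f"{opt}: does not cover {lan}")
        for n in nets:
            if not n.is_loopback and not n.subnet_of(lan):
                findings.append(f"{opt}: {n} is outside {lan}")
    if acl(text, "allow-transfer") != ["none"]:
        findings.append("allow-transfer: zone transfers are not disabled")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_OPTIONS, "192.168.2.0/24") or "ACLs match the LAN")
```

An empty result means the ACLs are consistent with the given LAN; syntax is still checked separately with `named-checkconf`.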

