[Samba] Samba 4 Bind DNS on CentOS 7


John Gardeniers
Aug 20, 2015, 7:30:03 PM
Can anyone point me to instructions for setting up Bind to work with
Samba 4 on CentOS 7? I know there are some instructions at
https://wiki.samba.org/index.php/DNS_Backend_BIND but they're incomplete
when using the Sernet repo. In particular, it refers to 'include
"/usr/local/samba/private/named.conf";' but that file doesn't exist at
any location on my system.

Is this a generic file that I can copy from some other
place/system/person, or is it a dynamically generated, system specific,
file created during the install? I thought I might be able to set up an
Ubuntu server and grab it from there but, like CentOS, samba-ad doesn't
exist in the standard repos, which puts me back at Sernet, with nothing
gained. Is there a distro which actually has samba-ad in the standard repos?

regards,
John

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Brady, Mike
Aug 20, 2015, 8:20:03 PM
On 2015-08-21 11:18, John Gardeniers wrote:
> Can anyone point me to instructions for setting up Bind to work with
> Samba 4 on CentOS 7? I know there are some instructions at
> https://wiki.samba.org/index.php/DNS_Backend_BIND but they're
> incomplete when using the Sernet repo. In particular, it refers to
> 'include "/usr/local/samba/private/named.conf";' but that file doesn't
> exist at any location on my system.
>
> Is this a generic file that I can copy from some other
> place/system/person, or is it a dynamically generated, system
> specific, file created during the install? I thought I might be able
> to set up an Ubuntu server and grab it from there but, like CentOS,
> samba-ad doesn't exist in the standard repos, which puts me back at
> Sernet, with nothing gained. Is there a distro which actually has
> samba-ad in the standard repos?
>
> regards,
> John
Sernet packages on CentOS 7 use /var/lib/samba/private for those files.

John Gardeniers
Aug 20, 2015, 9:00:04 PM
Hi Brady,

I realise that but the only named.conf to be found on the system is my
newly created /etc/named.conf. Either something screwed up when
installing the Sernet RPMs, which is really pretty unlikely given that
everything else is working, or the file was not included in the package.

regards,
John

Brady, Mike
Aug 20, 2015, 10:20:02 PM
John

I have multiple Sernet 4.2/CentOS 7 DCs installed using Bind and they all
have a /var/lib/samba/private/named.conf. I do not know if the
named.conf is installed by the package or is generated. The file isn't
owned by any package, so I assume that it is generated by either the
provision or when configuring the DC to use Bind.

That particular file is not unique to each install. For CentOS 7 it
contains

>>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen
support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.x
# database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";

# For BIND 9.9.x
database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";

# For BIND 9.10.x
# database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
};
>>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

but if you do not have the file, then there is something wrong with your
install and/or provision and you may well be missing other files.

My /var/lib/samba/private contains

[root@dc03 private]# ll
total 14536
drwxrwx--- 3 root named 4096 Aug 3 11:48 dns
-rw------- 1 named named 862 Jun 18 13:19 dns.keytab
-rw------- 1 root root 2073 Jun 3 12:26 dns_update_cache
-rw-r--r-- 1 root root 3183 Jun 3 12:17 dns_update_list
-rw------- 1 root root 1286144 Jun 3 12:17 hklm.ldb
-rw------- 1 root root 3366912 Aug 3 12:33 idmap.ldb
-rw------- 1 root root 1609728 Jun 17 11:15 idmap.ldb.old
-rw-r--r-- 1 root root 101 Jun 3 12:17 krb5.conf
srwxrwxrwx 1 root root 0 Aug 18 16:01 ldapi
drwxr-x--- 2 root root 4096 Aug 18 16:01 ldap_priv
-rw-r--r-- 1 root root 633 Jun 18 13:19 named.conf
-r--r--r-- 1 root root 310 Jul 2 11:00 named.conf.update
-rw-r--r-- 1 root root 2090 Jun 18 13:19 named.txt
-rw------- 1 root root 696 Aug 18 16:01 netlogon_creds_cli.tdb
-rw------- 1 root root 1286144 Jun 3 12:17 privilege.ldb
-rw------- 1 root root 696 Jun 3 12:26 randseed.tdb
-rw------- 1 root root 4247552 Jun 3 12:17 sam.ldb
drwxr-x--- 2 root named 4096 Aug 3 11:48 sam.ldb.d
-rw------- 1 root root 24576 Aug 21 13:39 schannel_store.tdb
-rw------- 1 root root 1237 Jun 3 12:17 secrets.keytab
-rw------- 1 root root 1286144 Jun 18 13:19 secrets.ldb
-rw------- 1 root root 425984 Jun 3 12:26 secrets.tdb
-rw------- 1 root root 1286144 Jun 3 11:41 share.ldb
drwxr-xr-x 3 root root 4096 Jun 3 12:26 smbd.tmp
-rw-r--r-- 1 root root 955 Jun 3 12:17 spn_update_list
drwx------ 2 root root 4096 Jun 3 12:26 tls


I will be installing (but not provisioning) a couple of new DCs in a
couple of hours from now. I will have a look and see if the file is
deployed as part of the install.

Regards

Mike

Brady, Mike
Aug 21, 2015, 12:00:03 AM
Immediately after installation /var/lib/samba/private is empty. So
everything in it is "generated", I assume by the provision.

John Gardeniers
Aug 21, 2015, 12:40:03 AM
Hi Mike,

I wonder if I'm missing the file because I only did a classicupgrade,
rather than a provision and perhaps then the file(s) is/are not created.

regards,
John

Brady, Mike
Aug 21, 2015, 2:10:05 AM
John

The files are all there when I do a classic upgrade. I am working on a
project to do just that at the moment.

When you did the classic upgrade did you do it with the
--dns-backend=BIND9_DLZ option?

If not you could try doing

samba_upgradedns --dns-backend=SAMBA_INTERNAL
samba_upgradedns --dns-backend=BIND9_DLZ

to see if that forces the files to generate.

Regards

Mike

John Gardeniers
Aug 21, 2015, 2:30:04 AM
Hi Mike,

I originally installed using the built-in DNS. Then, after finding it
missing most features, I installed Bind and, lacking the named.conf,
tried including likely-sounding files from the Samba setup directory
(OK, I was getting desperate). I then ran "samba_upgradedns
--dns-backend=BIND9_DLZ" and discovered that named wouldn't start. After
removing the include line it did start but of course was missing the
important AD stuff. I ran updatedb and again tried to locate named.conf,
again without success. I then reverted back to the internal DNS and
named.conf is still not to be found.

I think, just to satisfy my own curiosity, I'll repeat the install on
another machine and see if I still get the same results. But that's
something for next week. At long last, it's Friday afternoon. :)

regards,
John


===snip== most history removed ===

Brady, Mike
Aug 21, 2015, 5:00:05 AM
John

Named not starting could be permissions. named runs as the named user
and doesn't have permissions to access the /var/lib/samba/private
directory. From memory it was one of the directories in the path and
one of the files in /var/lib/samba/private. Can't remember which ones
exactly, but I can have a look on Monday.

No idea why named.conf isn't in /var/lib/samba/private at all though. I
have never not had it there when I needed it.
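A small shell helper, added here as an illustration and not part of the thread or of Samba's own tooling, that ties together Mike's two points: it picks the dlz_bind9 module for the installed BIND 9 series using the same three database lines that appear in the generated named.conf he posted earlier, renders that fragment with only the matching line active, and walks the path to a file such as /var/lib/samba/private/dns.keytab, judging from plain mode bits whether the named user and group could read it and search every parent directory. The module directory /usr/lib64/samba/bind9 and the private directory path come from the thread; the function names, the version-to-module mapping and the mode-bit check are this example's own assumptions, and the check deliberately ignores ACLs and supplementary groups, so it flags a likely cause rather than proving one.

```shell
#!/bin/sh
# Added example, not from the thread or from Samba: choose the DLZ module for
# a BIND 9 series, render the dlz block, and check from mode bits whether a
# user:group can reach a file under the Samba private directory.
# Assumed: module directory /usr/lib64/samba/bind9 (taken from the thread);
# function names, the mapping rule and the check logic are this example's own.

# Map a BIND version string (e.g. "9.9.4" from the rpm name) to the module
# named in the generated named.conf. Returns 1 for a series not listed there.
dlz_module_for_version() {
    major=$(printf '%s' "$1" | cut -d. -f1)
    minor=$(printf '%s' "$1" | cut -d. -f2)
    [ "$major" = 9 ] || return 1
    case "$minor" in
        8)  printf '%s\n' dlz_bind9.so ;;
        9)  printf '%s\n' dlz_bind9_9.so ;;
        10) printf '%s\n' dlz_bind9_10.so ;;
        *)  return 1 ;;
    esac
}

# Print a named.conf fragment with only the matching "database" line active.
# Second argument overrides the module directory (default is the CentOS 7 path).
render_dlz_conf() {
    mod=$(dlz_module_for_version "$1") || return 1
    moddir=${2:-/usr/lib64/samba/bind9}
    printf 'dlz "AD DNS Zone" {\n'
    printf '    database "dlopen %s/%s";\n' "$moddir" "$mod"
    printf '};\n'
}

# has_access USER GROUP PATH r|x : succeed when the mode bits that apply to
# USER:GROUP (owner bits if USER owns PATH, else group bits if GROUP matches,
# else "other" bits) grant read (r) or search/execute (x). ACLs and
# supplementary groups are ignored, so treat this as a first check only.
has_access() {
    line=$(ls -ld "$3") || return 1
    mode=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    grp=$(printf '%s\n' "$line" | awk '{print $4}')
    if [ "$owner" = "$1" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)
    elif [ "$grp" = "$2" ]; then
        bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)
    fi
    case "$4" in
        r) [ "$(printf '%s' "$bits" | cut -c1)" = r ] ;;
        x) case "$(printf '%s' "$bits" | cut -c3)" in
               x|s|t) return 0 ;;   # s/t: setuid, setgid or sticky with x set
               *)     return 1 ;;
           esac ;;
        *) return 1 ;;
    esac
}

# check_named_path USER GROUP FILE : FILE must be readable and every parent
# directory searchable by USER:GROUP. Prints the first failing component and
# returns 1, or prints "ok" and returns 0.
check_named_path() {
    has_access "$1" "$2" "$3" r || { echo "no read access to $3"; return 1; }
    d=$(dirname "$3")
    while [ "$d" != / ] && [ "$d" != . ]; do
        has_access "$1" "$2" "$d" x || { echo "no search access to $d"; return 1; }
        d=$(dirname "$d")
    done
    echo "ok: $1:$2 can reach $3"
}

# Usage on a DC (not run here):
#   render_dlz_conf 9.9.4 > /tmp/named.conf.dlz
#   check_named_path named named /var/lib/samba/private/dns.keytab
```

With the bind-9.9.4 packages Mike lists later in the thread, render_dlz_conf 9.9.4 yields the dlz_bind9_9.so line, which matches the line left uncommented in his named.conf; check_named_path reports the first directory or file that the named user's applicable bits do not cover, which is the quickest way to confirm or rule out the permission explanation before looking at the include itself.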

John Gardeniers
Aug 23, 2015, 5:30:04 PM
Hi Mike,

It wasn't permissions, it was the fact that the files I tried to include
had variables that didn't expand. Hardly surprising considering those
files weren't intended for the purpose I tried to put them to.

Just one last question - did you use Bind from the repos or did you
build from source?

regards,
John

Brady, Mike
Aug 23, 2015, 7:10:03 PM
On 2015-08-24 09:23, John Gardeniers wrote:
> Hi Mike,
>
> It wasn't permissions, it was the fact that the files I tried to
> include had variables that didn't expand. Hardly surprising
> considering those files weren't intended for the purpose I tried to
> put them to.
>
> Just one last question - did you use Bind from the repos or did you
> build from source?
>
> regards,
> John
>
>
> On 21/08/15 18:52, Brady, Mike wrote:
>> John
>>
>> Named not starting could be permissions. named runs as the named user
>> and doesn't have permissions to access the /var/lib/samba/private
>> directory. From memory it was one of the directories in the path and
>> one of the files in /var/lib/samba/private. Can't remember which ones
>> exactly, but I can have a look on Monday.
>>
>> No idea why named.conf isn't in /var/lib/samba/private at all though.
>> I have never not had it there when I needed it.
>>
>> Regards
>>
>> Mike
>>
From the repos.

This is what is on one of my production DCs.


[root@dc02 ~]# rpm -qa | grep ^bind
bind-utils-9.9.4-18.el7_1.3.x86_64
bind-sdb-9.9.4-18.el7_1.3.x86_64
bind-license-9.9.4-18.el7_1.3.noarch
bind-9.9.4-18.el7_1.3.x86_64
bind-libs-lite-9.9.4-18.el7_1.3.x86_64
bind-libs-9.9.4-18.el7_1.3.x86_64