Saludos a todos. Estoy cacharreando el alpha 13, como lo he hecho ya con los anteriores, a ver qué tiene de nuevo.
Me he encontrado que interactúa con el DNS de una forma más actualizada, y (como era de esperar) que me quedado perdido. Versiones anteriores, como por ejemplo el alpha 8 (cito de memoria, tal vez el 10 o el 11 lo hicieran también), generaban mediante el script provision.pl una información de zona para añadirle al DNS que estuviera funcionando en el ámbito. Algo como: ; -*- zone -*- ; generated by provision.pl $ORIGIN dominio.co.cu. $TTL 1W @ IN SOA @ hostmaster ( 2007121818 ; serial 2D ; refresh 4H ; retry 6W ; expiry 1W ) ; minimum IN NS servidor IN A 192.168.0.8 ; servidor IN A 192.168.0.8 72adddc9-ae48-47a3-9937-0609c662c53df._msdcs IN CNAME servidor ; ; global catalog servers _gc._tcp IN SRV 0 100 3268 servidor _ldap._tcp.gc._msdcs IN SRV 0 100 389 servidor _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 389 servidor ; ; ldap servers _ldap._tcp IN SRV 0 100 389 servidor _ldap._tcp.dc._msdcs IN SRV 0 100 389 servidor _ldap._tcp.pdc._msdcs IN SRV 0 100 389 servidor _ldap._tcp.ad008960-df36-45e7-8501-88fd48acb494.domains._msdcs IN SRV 0 100 389 servidor _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 servidor ; ; krb5 servers _kerberos._tcp IN SRV 0 100 88 servidor _kerberos._tcp.dc._msdcs IN SRV 0 100 88 servidor _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 servidor _kerberos._udp IN SRV 0 100 88 servidor ; MIT kpasswd likes to lookup this name on password change _kerberos-master._tcp IN SRV 0 100 88 servidor _kerberos-master._udp IN SRV 0 100 88 servidor ; ; kpasswd _kpasswd._tcp IN SRV 0 100 464 servidor _kpasswd._udp IN SRV 0 100 464 servidor ; ; heimdal 'find realm for host' hack _kerberos IN TXT dominio.co.cu Añadiendo eso al DNS el Samba 4 me funcionaba perfectamente. Ahora el alpha 13 aprovecha la posibilidad de usar en BIND 9.x el update_policy: (esta es la propuesta que hace el alpha 13) # This file should be included in your main BIND configuration file # # For example with # include "${NAMED_CONF}"; zone "${DNSDOMAIN}." IN { type master; file "${ZONE_FILE}"; /* * the list of principals and what they can change is created * dynamically by Samba, based on the membership of the domain controllers * group. The provision just creates this file as an empty file. */ include "${NAMED_CONF_UPDATE}"; /* we need to use check-names ignore so _msdcs A records can be created */ check-names ignore; }; # The reverse zone configuration is optional. The following example assumes a # subnet of 192.168.0.0/24: zone "0.168.192.in-addr.arpa" in { type master; file "0.168.192.in-addr.arpa.zone"; update-policy { grant ${REALM_WC} wildcard *.0.168.192.in-addr.arpa. PTR; }; }; # Note that the reverse zone file is not created during the provision process. # The most recent BIND versions (9.5.0a5 or later) support secure GSS-TSIG # updates. If you are running an earlier version of BIND, or if you do not wish # to use secure GSS-TSIG updates, you may remove the update-policy sections in # both examples above. La línea grant ${REALM_WC} wildcard me tiene confuso. No sé realmente qué poner ahí, y en consecuencia cuando lanzo al Samba 4 con, por ejemplo, ./samba -i -M single se queja: servidor:/etc/bind# servidor:/usr/local/samba/sbin# ./samba -i -M single samba version 4.0.0alpha13 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 samba: using 'single' process model FIXME: Using new system session for hdb /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last): /usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/sbin/samba_dnsupdate", line 276, in <module> /usr/local/samba/sbin/samba_dnsupdate: if not check_dns_name(d): /usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/sbin/samba_dnsupdate", line 161, in check_dns_name /usr/local/samba/sbin/samba_dnsupdate: ans = resolver.query(normalised_name, d.type) /usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py", line 733, in query /usr/local/samba/sbin/samba_dnsupdate: return get_default_resolver().query(qname, rdtype, rdclass, tcp, source) /usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py", line 673, in query /usr/local/samba/sbin/samba_dnsupdate: answer = Answer(qname, rdtype, rdclass, response) /usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py", line 121, in __init__ /usr/local/samba/sbin/samba_dnsupdate: raise NoAnswer /usr/local/samba/sbin/samba_dnsupdate: dns.resolver.NoAnswer ../dsdb/dns/dns_update.c:249: Failed DNS update - NT_STATUS_ACCESS_DENIED Testing kcctpl_create_intersite_connections Una consulta al servidor con servidor:/home/alberto# net --server 192.168.0.8 -Uadministrator%Contrasena1 ads lookup kdc Me responde: desarrollo:/home/alberto# net --server 192.168.0.8 -Uadministrator%Contrasena1 ads lookup kdc Information for Domain Controller: 192.168.0.8 Response Type: SAMLOGON GUID: 72adddc9-ae48-47a3-9937-0609c662c53d Flags: Is a PDC: yes Is a GC of the forest: yes Is an LDAP server: yes Supports DS: yes Is running a KDC: yes Is running time services: yes Is the closest DC: yes Is writable: yes Has a hardware clock: yes Is a non-domain NC serviced by LDAP server: no Forest: dominio.co.cu Domain: dominio.co.cu Domain Controller: servidor.dominio.co.cu Pre-Win2k Domain: PART-LAN Pre-Win2k Hostname: \\SERVIDOR Server Site Name : Default-First-Site-Name Client Site Name : Default-First-Site-Name NT Version: 5 LMNT Token: ffff LM20 Token: ffff Pero la consulta: servidor:/home/alberto# net --server 192.168.0.8 -Uadministrator%Contrasena1 ads user info administrator falla con: [2010/10/19 09:03:17, 0] libads/kerberos.c:ads_kinit_password(356) kerberos_kinit_password administra...@dominio.co.cu failed: Cannot resolve network address for KDC in requested realm [2010/10/19 09:03:17, 0] libads/kerberos.c:ads_kinit_password(356) kerberos_kinit_password administra...@dominio.co.cu failed: Cannot resolve network address for KDC in requested realm Estoy necesitado de un buen consejo.... ;-) -- MSc. Alberto García Fumero Usuario Linux 97 318 Las autoridades sanitarias advierten: El uso prolongado de Windows puede provocar dependencia -- Este mensaje ha sido analizado por MailScanner en Partagas en busca de virus y otros contenidos peligrosos, y se considera que est� limpio.
______________________________________________________________________ Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba. Gutl-l@jovenclub.cu http://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l