Re: [Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover

2010-08-24 Thread Daniel Müller

CentOS 5.5/samba4/named: here is a short guide to setting it up so that it works.
This version has some minor additions about profiles.
First of all, do not install the bind package that comes with CentOS 5.5!!

Install the requirements for samba:

yum install libacl*  gnutls* readline* python* gdb* autoconf* 

Named installation:
Here is a description on what to do:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
The steps,

yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel \
    libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel \
    mysql-devel krb5-devel xmlto

For named to compile correctly you need these 2 packages too:

yum -y install curl*

download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

cd /usr/src/redhat/SRPMS
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm

cd /usr/src/redhat/SRPMS
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm

rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm

cd /usr/src/redhat/SPECS
rpmbuild -ba ./bind.spec

The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or 
/usr/src/redhat/RPMS/x86_64/ depending on your Arch.

rpmbuild --ba ./dnssec-conf.spec 

The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

cd /usr/src/redhat/RPMS/*86*
rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm \
    ../noarch/dnssec-conf-1.21-*.noarch.rpm

Now bind is installed. In the config file /etc/named.conf I disabled these in options:
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside . trust-anchor dlv.isc.org.;

To make bind work you have to add user named to the group named.
Set the rights to make named work correctly 
chmod 770 /etc/named.conf 
chmod 770 /etc/named.rfc1912.zones
chown root:named /etc/named.conf 
chown named:named /etc/named.rfc1912.zones
chmod -R 770 /var/named 
chown -R named:named /var/named
chown named:named /etc/rndc.key
chown named:named /var/run/named/


Now download and install samba:
url: http://wiki.samba.org/index.php/Samba4/HOWTO

mkdir samba4
cd samba4

rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ .

cd source4
./autogen.sh
./configure.developer
make
make install
Samba4 is now installed in /usr/local/samba


Provision it:
cd /samba4/source4

./setup/provision --realm=samdom.example.com --domain=SAMDOM \
    --adminpass=SOMEPASSWORD --server-role='domain controller'
In my case:

./setup/provision --realm=tuebingen.tst.loc \
    --domain=TUEBINGEN --adminpass=SOMEPASSWORD --server-role='domain controller'


Now you need to add the PATH to root's .bash_profile in /root
--> PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin
ldconfig
which samba must answer: /usr/local/samba/sbin/samba
Now you must set the lib paths:
echo "/usr/local/samba/lib" > /etc/ld.so.conf.d/samba4.conf
The next things to do (named should have read and write):
cd /usr/local/samba/private
chown named:named krb5.conf
chown -R named:named /usr/local/samba/private/dns
chown named:named named.conf
chown named:named named.conf.update
chown named:named dns.keytab
cp krb5.conf /etc  # this will overwrite the original krb5.conf
cd /etc/sysconfig
vi named
There, add a line at the bottom:
KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
export KEYTAB_FILE

Now you must update your /etc/named.conf. Be sure to have it listen on an IP,
not only 127.0.0.1.
Here is mine:

options {
    listen-on port 53 { 127.0.0.1; 192.168.134.27; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; allyoursubnetshere; };
    recursion yes;
    // put your first DNS server here, if you have one
    forwarders { 192.168.134.253; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};
include "/usr/local/samba/private/named.conf";  // samba4 link
include "/etc/named.rfc1912.zones";

In your /etc/resolv.conf you have one single entry: → nameserver localhost

Now you have to put this in the globals of /usr/local/samba/etc/smb.conf:

Interfaces=eth0 # or IP address

Now run samba -i -M single
And you are done!!!
samba_dnsupdate --verbose will give you:



[r...@node1 etc]# samba_dnsupdate --verbose
Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
Looking for DNS entry CNAME 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as
365d2a9f-bf

Re: [Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover

2010-08-10 Thread Nico Kadel-Garcia
On Mon, Aug 9, 2010 at 10:10 AM, Daniel Müller wrote:
>
> centOs5.5/samba4/named  here is a short guide setting it up to work.
> First of all do not install the bind package coming with centos 5.5!!
>
> Install needs for samba
>
> yum install libacl*  gnutls* readline* python* gdb* autoconf*
>
> Named installation:
> Here is a description on what to do:
> http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
> The steps,

Thanks for the pointer.  I do have some strong suggestions for you.

* Never build RPM's as root. Always do them as a user. This takes
setting up your $HOME/.rpmmacros, but it's far safer and helps prevent
badly written or erroneous .spec files from accidentally doing "rm -rf
/" or modifying your installed system files. (I just published patches
to an upstream package maintainer to prevent exactly this sort of
accidental local modification in the build process.) I'd be happy to
publish notes for it.

* If possible, build RPM's with the "mock" tool. This assures that
you're building them with a clean build environment, rather than with
locally modified libraries, or if you need local modifications you've
identified them all. Again, I'd be happy to publish notes.

> yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel 
> libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel 
> mysql-devel krb5-devel xmlto

Simply doing "yum -y install rpmbuild", then "rpmbuild --rebuild
samba-*.src.rpm" should identify the dependencies for the existing
samba packages or any *.src.rpm you work with.

> For named to compile correctly you need this 2 packages too:
>
> yum -y install curl*
>
> download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

EPEL is great, and also available at
ftp://mirrors.kernel.org/fedora-epel/5/. And whether to use i386 or
x86_64 depends on your architecture. And EPEL changes versions and
discards old ones without announcements, so your needed tool may
change behind your back.

Better to install the "epel-release" RPM from the same repository, and
disable the /etc/yum.repos.d/epel.repo if you don't want it on by
default, but use it as needed to more gracefully install and update
such packages.

Also, "dnssec-conf" has been obsoleted in the EPEL repository by
"unbound", which I assume will also work.

> cd /usr/src/redhat/SRPMS
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm
>
> cd /usr/src/redhat/SRPMS
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
> wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm
> rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm


Fedora 13 is out. But this doesn't work with either Fedora 12 or 13
packages, unless you've separately updated your RPM to be compatible
with current Fedora releases. That's fairly awkward to do.

To work around that, you need to extract the files and drop them in
place manually. If you use .rpmmacros, it looks like this:

 cd $HOME/rpm/SOURCES
 # unpack each source RPM by hand and rebuild a local .src.rpm from its spec
 for name in ../SRPMS/bind-9.6.*.src.rpm
 do
     rpm2cpio "$name" | cpio -i
     mv bind.spec ../SPECS/bind.spec
     rpmbuild -bs --nodeps ../SPECS/bind.spec
 done
 rpmbuild --rebuild ../SRPMS/bind-9.6-[whatever].el5.src.rpm

> cd /usr/src/redhat/SPECS
> rpmbuild -ba ./bind.spec
>
> The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or 
> /usr/src/redhat/RPMS/x86_64/ depending on your Arch.
>
> rpmbuild --ba ./dnssec-conf.spec
>
> The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

Which is now unnecessary, due to the availability of dnssec-conf's
successor in EPEL.

> cd /usr/src/redhat/RPMS/*86*
> rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm 
> ../noarch/dnssec-conf-1.21-*.noarch.rpm
>
> Now bind is installed Config-File in /etc/named.conf I disabled in options:
> //dnssec-enable yes;
> //dnssec-validation yes;
> //dnssec-lookaside . trust-anchor dlv.isc.org.;
>
> To make bind work you have to add user named to the group named.
> Set the rights to make named work correctly
> chmod 770 /etc/named.conf
> chmod 770 /etc/named.rfc1912.zones
> chown root:named /etc/named.conf
> chown named:named /etc/named.rfc1912.zones
> chmod -R 770 /var/named
> chown -R named:named /var/named
> chown named:named /etc/rndc.key
> chown named:named /var/run/named/

named is already there from your installations of the bind RPM. Look
in the '%post' commands.

I'm going to take a break here, before getting into building Samba 4
itself. While your guidelines are helpful, I'm afraid they're off the
beaten path for RPM based installations, and I'd like to  encourage
you to update them.
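
An added example (not from either poster) of the per-user build setup the reply above recommends: it creates the $HOME/rpm tree used in the reply's commands and points %_topdir at it in ~/.rpmmacros. The function names and the choice to strip group/other write bits are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-user rpmbuild tree, so .spec scriptlets never run as root.
# Function names are hypothetical; $HOME/rpm matches the paths in the reply.

is_unprivileged() {
    # $1: numeric uid to check (pass "$(id -u)" in real use).
    [ "$1" -ne 0 ]
}

setup_rpm_tree() {
    # $1: home directory of the build user.
    home=$1
    top=$home/rpm
    macros=$home/.rpmmacros

    for d in BUILD RPMS SOURCES SPECS SRPMS; do
        mkdir -p "$top/$d" || return 1
    done

    # Add %_topdir only once; an existing setting is left alone.
    if [ -f "$macros" ] && grep -q '^%_topdir' "$macros"; then
        echo "keeping existing %_topdir in $macros"
    else
        printf '%%_topdir %s\n' "$top" >> "$macros" || return 1
    fi

    # rpm macros can run shell via %(...), so nobody else may edit the
    # macro file or swap files inside the build tree.
    chmod go-w "$macros" "$top" "$top"/*
}

prepare_build_user() {
    if ! is_unprivileged "$(id -u)"; then
        echo "refusing to set up or run builds as root" >&2
        return 1
    fi
    setup_rpm_tree "$HOME"
}
```

Call `prepare_build_user` once from the build account before running the rpm2cpio and rpmbuild commands shown in the reply.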

[Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover

2010-08-09 Thread Daniel Müller

CentOS 5.5/samba4/named: here is a short guide to setting it up so that it works.
First of all, do not install the bind package that comes with CentOS 5.5!!

Install the requirements for samba:

yum install libacl*  gnutls* readline* python* gdb* autoconf* 

Named installation:
Here is a description on what to do:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
The steps,

yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel \
    libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel \
    mysql-devel krb5-devel xmlto

For named to compile correctly you need these 2 packages too:

yum -y install curl*

download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

cd /usr/src/redhat/SRPMS
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm

cd /usr/src/redhat/SRPMS
wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm

rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm

cd /usr/src/redhat/SPECS
rpmbuild -ba ./bind.spec

The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or 
/usr/src/redhat/RPMS/x86_64/ depending on your Arch.

rpmbuild --ba ./dnssec-conf.spec 

The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

cd /usr/src/redhat/RPMS/*86*
rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm \
    ../noarch/dnssec-conf-1.21-*.noarch.rpm

Now bind is installed. In the config file /etc/named.conf I disabled these in options:
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside . trust-anchor dlv.isc.org.;

To make bind work you have to add user named to the group named.
Set the rights to make named work correctly 
chmod 770 /etc/named.conf 
chmod 770 /etc/named.rfc1912.zones
chown root:named /etc/named.conf 
chown named:named /etc/named.rfc1912.zones
chmod -R 770 /var/named 
chown -R named:named /var/named
chown named:named /etc/rndc.key
chown named:named /var/run/named/


Now download and install samba:
url: http://wiki.samba.org/index.php/Samba4/HOWTO

mkdir samba4
cd samba4

rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ .

cd source4
./autogen.sh
./configure.developer
make
make install
Samba4 is now installed in /usr/local/samba


Provision it:
cd /samba4/source4

./setup/provision --realm=samdom.example.com --domain=SAMDOM \
    --adminpass=SOMEPASSWORD --server-role='domain controller'
In my case:

./setup/provision --realm=tuebingen.tst.loc \
    --domain=TUEBINGEN --adminpass=SOMEPASSWORD --server-role='domain controller'


Now you need to add the PATH to root's .bash_profile in /root
--> PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin
ldconfig
which samba must answer: /usr/local/samba/sbin/samba
Now you must set the lib paths:
echo "/usr/local/samba/lib" > /etc/ld.so.conf.d/samba4.conf
The next things to do (named should have read and write):
cd /usr/local/samba/private
chown named:named krb5.conf
chown -R named:named /usr/local/samba/private/dns
chown named:named named.conf
chown named:named named.conf.update
chown named:named dns.keytab
cp krb5.conf /etc  # this will overwrite the original krb5.conf
cd /etc/sysconfig
vi named
There, add a line at the bottom:
KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
export KEYTAB_FILE

Now you must update your /etc/named.conf. Be sure to have it listen on an IP,
not only 127.0.0.1.
Here is mine:

options {
    listen-on port 53 { 127.0.0.1; 192.168.134.27; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; allyoursubnetshere; };
    recursion yes;
    // put your first DNS server here, if you have one
    forwarders { 192.168.134.253; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};
include "/usr/local/samba/private/named.conf";  // samba4 link
include "/etc/named.rfc1912.zones";

In your /etc/resolv.conf you have one single entry: → nameserver localhost

Now you have to put this in the globals of /usr/local/samba/etc/smb.conf:

Interfaces=eth0

Now run samba -i -M single
And you are done!!!
samba_dnsupdate --verbose will give you:



[r...@node1 etc]# samba_dnsupdate --verbose
Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
Looking for DNS entry CNAME 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc.
Looking for DNS
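
An added check (not part of the original posts) for the ownership and mode steps in both versions of the guide on this page (2010-08-24 and 2010-08-09): it reports any of the files handed to named that are accessible to "other", and any key file that carries execute bits. The policy, the function names and the optional root-prefix argument are assumptions of this example; it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: audit modes of the files the guide chowns to named.
# Policy and function names are assumptions of this example.

NAMED_FILES="/etc/named.conf /etc/named.rfc1912.zones /etc/rndc.key
/usr/local/samba/private/named.conf
/usr/local/samba/private/named.conf.update
/usr/local/samba/private/dns.keytab"

audit_path() {
    # Prints one line per finding for $1; prints nothing when it is fine.
    path=$1
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 0
    fi
    mode=$(stat -c '%a' "$path")          # octal mode, GNU stat
    if [ $((0$mode & 7)) -ne 0 ]; then
        echo "WORLD-ACCESS $mode $path"
    fi
    case $path in
        *.keytab|*/rndc.key)
            # Key material is data; execute bits are never needed.
            if [ $((0$mode & 0111)) -ne 0 ]; then
                echo "EXEC-BIT-ON-KEY $mode $path"
            fi
            ;;
    esac
    return 0
}

audit_named_files() {
    # $1: optional prefix, so a copy or a mounted image can be audited.
    root=${1:-}
    findings=0
    for f in $NAMED_FILES; do
        out=$(audit_path "$root$f")
        if [ -n "$out" ]; then
            echo "$out"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Run `audit_named_files` as root after the chmod/chown steps; a non-zero return status means at least one finding was printed.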