Re: [Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover
CentOS 5.5/samba4/named: here is a short guide setting it up to work.
This version has some minor additions about profiles.
First of all, do not install the bind package coming with CentOS 5.5!!

Install needs for samba:

    yum install libacl* gnutls* readline* python* gdb* autoconf*

Named installation:
Here is a description on what to do:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
The steps:

    yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel \
        libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel \
        mysql-devel krb5-devel xmlto

For named to compile correctly you need these 2 packages too:

    yum -y install curl*

    download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

    cd /usr/src/redhat/SRPMS
    wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
    wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm

    cd /usr/src/redhat/SRPMS
    wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
    wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm
    rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm

    cd /usr/src/redhat/SPECS
    rpmbuild -ba ./bind.spec

The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or
/usr/src/redhat/RPMS/x86_64/ depending on your arch.

    rpmbuild -ba ./dnssec-conf.spec

The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

    cd /usr/src/redhat/RPMS/*86*
    rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm \
        ../noarch/dnssec-conf-1.21-*.noarch.rpm

Now bind is installed. The config file is /etc/named.conf. I disabled in options:

    //dnssec-enable yes;
    //dnssec-validation yes;
    //dnssec-lookaside . trust-anchor dlv.isc.org.;

To make bind work you have to add user named to the group named.
Set the rights to make named work correctly:

    chmod 770 /etc/named.conf
    chmod 770 /etc/named.rfc1912.zones
    chown root:named /etc/named.conf
    chown named:named /etc/named.rfc1912.zones
    chmod -R 770 /var/named
    chown -R named:named /var/named
    chown named:named /etc/rndc.key
    chown named:named /var/run/named/

Now download and install samba:
url: http://wiki.samba.org/index.php/Samba4/HOWTO

    mkdir samba4
    cd samba4
    rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ .
    cd /source4
    ./autogen.sh
    ./configure.developer
    make
    make install

Samba4 is now installed in /usr/local/samba

Provision it:

    cd /samba4/source4
    ./setup/provision --realm=samdom.example.com --domain=SAMDOM --adminpass=SOMEPASSWORD --server-role='domain controller'

In my case:

    ./setup/provision --realm=tuebingen.tst.loc --domain=TUEBINGEN --adminpass=SOMEPASSWORD --server-role='domain controller'

Now you need to add the PATH to root's .bash_profile in /root -->

    PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin

    ldconfig

"which samba" must answer: /usr/local/samba/sbin/samba

Now you must set the lib paths:

    echo "/usr/local/samba/lib" > /etc/ld.so.conf.d/samba4.conf

The next things to do (named should have read and write):

    cd /usr/local/samba/private
    chown named:named krb5.conf
    chown -R named:named /usr/local/samba/private/dns
    chown named:named named.conf
    chown named:named named.conf.update
    chown named:named dns.keytab
    cp krb5.conf /etc    # this will overwrite the original krb5.conf

    cd /etc/sysconfig
    vi named

There add a line at the bottom:

    KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
    export KEYTAB_FILE

Now you must update your /etc/named.conf. Be sure to have it listen on an IP, not only 127.0.0.1.
Here is mine:

    options {
        listen-on port 53 { 127.0.0.1; 192.168.134.27; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; allyoursubnetshere; };
        recursion yes;
        forwarders { 192.168.134.253; };  ## put here your first dns if you have
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/usr/local/samba/private/named.conf";  // samba4 link
    include "/etc/named.rfc1912.zones";

In your /etc/resolv.conf you have one single entry:

    nameserver localhost

Now you have to put in your globals in /usr/local/samba/etc/smb.conf:

    # or the IP address
    interfaces = eth0

Now:

    samba -i -M single

And you are done!!!

samba_dnsupdate --verbose will give you:

    [r...@node1 etc]# samba_dnsupdate --verbose
    Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
    Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
    Looking for DNS entry CNAME 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 365d2a9f-bf
Re: [Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover
On Mon, Aug 9, 2010 at 10:10 AM, Daniel Müller wrote:
>
> CentOS 5.5/samba4/named here is a short guide setting it up to work.
> First of all do not install the bind package coming with CentOS 5.5!!
>
> Install needs for samba
>
> yum install libacl* gnutls* readline* python* gdb* autoconf*
>
> Named installation:
> Here is a description on what to do:
> http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
> The steps,

Thanks for the pointer. I do have some strong suggestions for you.

* Never build RPM's as root. Always do them as a user. This takes
  setting up your $HOME/.rpmmacros, but it's far safer and helps prevent
  badly written or erroneous .spec files from accidentally doing
  "rm -rf /" or modifying your installed system files. (I just published
  patches to an upstream package maintainer to prevent exactly this sort
  of accidental local modification in the build process.) I'd be happy
  to publish notes for it.

* If possible, build RPM's with the "mock" tool. This assures that
  you're building them with a clean build environment, rather than with
  locally modified libraries, or if you need local modifications you've
  identified them all. Again, I'd be happy to publish notes.

> yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel
> libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel
> mysql-devel krb5-devel xmlto

Simply doing "yum -y install rpmbuild", then "rpmbuild --rebuild
samba-*.src.rpm" should identify the dependencies for the existing samba
packages or any *.src.rpm you work with.

> For named to compile correctly you need this 2 packages too:
>
> yum -y install curl*
>
> download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

EPEL is great, and also available at
ftp://mirrors.kernel.org/fedora-epel/5/. And whether to use i386 or
x86_64 depends on your architecture. And EPEL changes versions and
discards old ones without announcements, so your needed tool may change
behind your back. Better to install the "epel-release" RPM from the same
repository, and disable the /etc/yum.repos.d/epel.repo if you don't want
it on by default, but use it as needed to more gracefully install and
update such packages.

Also, "dnssec-conf" has been obsoleted in the EPEL repository by
"unbound", which I assume will also work.

> cd /usr/src/redhat/SRPMS
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm
>
>
> cd /usr/src/redhat/SRPMS
> wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
> wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm
> rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm

Fedora 13 is out. But this doesn't work with either Fedora 12 or 13
packages, unless you've separately updated your RPM to be compatible
with current Fedora releases. That's fairly awkward to do. To work
around that, you need to extract the files and drop them in place
manually. If you use .rpmmacros, it looks like this:

    cd $HOME/rpm/SOURCES
    for name in ../SRPMS/bind-9.6.*.src.rpm; do
        rpm2cpio "$name" | cpio -i
        mv bind.spec ../SPECS/bind.spec
        rpmbuild -bs --nodeps ../SPECS/bind.spec
    done
    rpmbuild -bs --nodeps
    rpmbuild --rebuild ../SRPMS/bind-9.6-[whatever].el5.src.rpm

> cd /usr/src/redhat/SPECS
> rpmbuild -ba ./bind.spec
>
> The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or
> /usr/src/redhat/RPMS/x86_64/ depending on your Arch.
>
> rpmbuild -ba ./dnssec-conf.spec
>
> The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

Which is now unnecessary, due to the availability of dnssec-conf's
successor in EPEL.

> cd /usr/src/redhat/RPMS/*86*
> rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm
> ../noarch/dnssec-conf-1.21-*.noarch.rpm
>
> Now bind is installed Config-File in /etc/named.conf I disabled in options:
> //dnssec-enable yes;
> //dnssec-validation yes;
> //dnssec-lookaside . trust-anchor dlv.isc.org.;
>
> To make bind work you have to add user named to the group named.
> Set the rights to make named work correctly
> chmod 770 /etc/named.conf
> chmod 770 /etc/named.rfc1912.zones
> chown root:named /etc/named.conf
> chown named:named /etc/named.rfc1912.zones
> chmod -R 770 /var/named
> chown -R named:named /var/named
> chown named:named /etc/rndc.key
> chown named:named /var/run/named/

named is already there from your installations of the bind RPM. Look in
the '%post' commands.

I'm going to take a break here, before getting into building Samba 4
itself. While your guidelines are helpful, I'm afraid they're off the
beaten path for RPM based installations, and I'd like to encourage you
to update them.
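The reply's first suggestion (build as an unprivileged user with a $HOME/.rpmmacros instead of under /usr/src/redhat) can be set up as follows. This is an added example, not part of the original thread; the function names are hypothetical, and the $HOME/rpm layout is taken from the paths used in the reply's commands.

```shell
#!/bin/sh
# Added example (not from the thread): per-user RPM build tree under
# $HOME/rpm, the layout the reply's commands assume.
# Function names are hypothetical.

# configured_topdir HOME_DIR: print the %_topdir set in HOME_DIR/.rpmmacros.
configured_topdir() {
    awk '$1 == "%_topdir" { print $2; exit }' "$1/.rpmmacros" 2>/dev/null
}

# setup_rpm_tree HOME_DIR [UID]: create the tree and point rpmbuild at it.
# UID defaults to the caller's uid; uid 0 is refused so that a bad .spec
# runs with a normal user's privileges only.
setup_rpm_tree() {
    home=$1
    uid=${2:-$(id -u)}
    top=$home/rpm
    macros=$home/.rpmmacros

    if [ -z "$home" ] || [ ! -d "$home" ]; then
        echo "setup_rpm_tree: '$home' is not a directory" >&2
        return 2
    fi
    if [ "$uid" -eq 0 ]; then
        echo "setup_rpm_tree: refusing to prepare a build tree for root" >&2
        return 1
    fi

    for d in BUILD RPMS SOURCES SPECS SRPMS; do
        mkdir -p "$top/$d" || return 3
    done
    chmod 700 "$top" || return 3   # keep sources and built packages private

    # Keep a %_topdir the user already maintains; otherwise add ours once.
    if [ -n "$(configured_topdir "$home")" ]; then
        echo "setup_rpm_tree: keeping existing %_topdir in $macros" >&2
    else
        printf '%%_topdir %s\n' "$top" >> "$macros" || return 3
    fi
}

# Typical use, as the build user:  setup_rpm_tree "$HOME"
```

After this, source RPMs go in $HOME/rpm/SRPMS and the rpm2cpio/rpmbuild steps from the reply run without touching /usr/src/redhat.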
[Samba] HOWTO samba4 centos5.5 named dnsupdate drbd simple failover
CentOS 5.5/samba4/named: here is a short guide setting it up to work.
First of all, do not install the bind package coming with CentOS 5.5!!

Install needs for samba:

    yum install libacl* gnutls* readline* python* gdb* autoconf*

Named installation:
Here is a description on what to do:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/
The steps:

    yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel \
        libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel \
        mysql-devel krb5-devel xmlto

For named to compile correctly you need these 2 packages too:

    yum -y install curl*

    download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

    cd /usr/src/redhat/SRPMS
    wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
    wget -c ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm

    cd /usr/src/redhat/SRPMS
    wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
    wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm
    rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm

    cd /usr/src/redhat/SPECS
    rpmbuild -ba ./bind.spec

The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or
/usr/src/redhat/RPMS/x86_64/ depending on your arch.

    rpmbuild -ba ./dnssec-conf.spec

The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

    cd /usr/src/redhat/RPMS/*86*
    rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm \
        ../noarch/dnssec-conf-1.21-*.noarch.rpm

Now bind is installed. The config file is /etc/named.conf. I disabled in options:

    //dnssec-enable yes;
    //dnssec-validation yes;
    //dnssec-lookaside . trust-anchor dlv.isc.org.;

To make bind work you have to add user named to the group named.
Set the rights to make named work correctly:

    chmod 770 /etc/named.conf
    chmod 770 /etc/named.rfc1912.zones
    chown root:named /etc/named.conf
    chown named:named /etc/named.rfc1912.zones
    chmod -R 770 /var/named
    chown -R named:named /var/named
    chown named:named /etc/rndc.key
    chown named:named /var/run/named/

Now download and install samba:
url: http://wiki.samba.org/index.php/Samba4/HOWTO

    mkdir samba4
    cd samba4
    rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ .
    cd /source4
    ./autogen.sh
    ./configure.developer
    make
    make install

Samba4 is now installed in /usr/local/samba

Provision it:

    cd /samba4/source4
    ./setup/provision --realm=samdom.example.com --domain=SAMDOM --adminpass=SOMEPASSWORD --server-role='domain controller'

In my case:

    ./setup/provision --realm=tuebingen.tst.loc --domain=TUEBINGEN --adminpass=SOMEPASSWORD --server-role='domain controller'

Now you need to add the PATH to root's .bash_profile in /root -->

    PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin

    ldconfig

"which samba" must answer: /usr/local/samba/sbin/samba

Now you must set the lib paths:

    echo "/usr/local/samba/lib" > /etc/ld.so.conf.d/samba4.conf

The next things to do (named should have read and write):

    cd /usr/local/samba/private
    chown named:named krb5.conf
    chown -R named:named /usr/local/samba/private/dns
    chown named:named named.conf
    chown named:named named.conf.update
    chown named:named dns.keytab
    cp krb5.conf /etc    # this will overwrite the original krb5.conf

    cd /etc/sysconfig
    vi named

There add a line at the bottom:

    KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
    export KEYTAB_FILE

Now you must update your /etc/named.conf. Be sure to have it listen on an IP, not only 127.0.0.1.
Here is mine:

    options {
        listen-on port 53 { 127.0.0.1; 192.168.134.27; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; allyoursubnetshere; };
        recursion yes;
        forwarders { 192.168.134.253; };  ## put here your first dns if you have
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/usr/local/samba/private/named.conf";  // samba4 link
    include "/etc/named.rfc1912.zones";

In your /etc/resolv.conf you have one single entry:

    nameserver localhost

Now you have to put in your globals in /usr/local/samba/etc/smb.conf:

    interfaces = eth0

Now:

    samba -i -M single

And you are done!!!

samba_dnsupdate --verbose will give you:

    [r...@node1 etc]# samba_dnsupdate --verbose
    Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc.
    Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc.
    Looking for DNS entry CNAME 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 365d2a9f-bfe6-462d-965e-8622bfefc190._msdcs.tuebingen.tst.loc.
    Looking for DNS