Web lists-archives.com

Re: [Samba] using samba with bind dlz




On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> On Mon, 10 Jul 2017 06:43:37 -0600
> Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:
>
> > Bind-9.11 is installed. How do you configure it? Does it need anything
> > special in the config for samba to build the ...samba.../named.conf
> > file that I should be able to include in my /etc/named.conf
> > afterwards?
>
> With Fedora being a bit 'bleeding edge', I just wondered if they had
> started using Bind10, but 9.11 should be okay, Samba knows all about
> that version ;-)
>
> >
> >  My guess is that some directory is missing. But if I start fresh and
> > configure samba with the internal dns it gets all the way through it's
> > configuration with no errors.
>
> Not sure, all I can tell you is what packages I install when creating a
> DC on Devuan:
>
> samba acl attr quota fam winbind libpam-winbind libpam-krb5
> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
> bind9utils
>
> of course fedora would have all different package names.
I avoided installing bind-chroot and  bind-sdb-chroot.x86_64 as the bind
dlz  info on samba
said not to chroot bind I'm not sure what bind99 libs are but I installed
all other bind
packages listed with "dnf list bind*"

[root@dc1 ~]# dnf list dns* |grep -v i686
Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 AM
MDT.
Installed Packages
dnsjava.noarch                             2.1.3-12.fc26
 @rawhide
Available Packages
dnscap.x86_64                              141-11.fc26
 rawhide
dnscrypt-proxy.x86_64                      1.9.0-2.fc26
rawhide
dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27
rawhide
dnsdist.x86_64                             1.1.0-6.fc27
rawhide
dnsenum.noarch                             1.2.4.2-7.fc27
rawhide
dnsjava-javadoc.noarch                     2.1.3-12.fc26
 rawhide
dnsmap.x86_64                              0.30-11.fc26
rawhide
dnsmasq.x86_64                             2.77-3.fc27
 rawhide
dnsmasq-utils.x86_64                       2.77-3.fc27
 rawhide
dnsperf.x86_64                             2.1.0.0-7.fc27
rawhide
dnssec-check.x86_64                        2.1-7.fc26
rawhide
dnssec-nodes.x86_64                        2.1-6.fc26
rawhide
dnssec-system-tray.x86_64                  2.1-6.fc26
rawhide
dnssec-tools.x86_64                        2.2-3.fc25
rawhide
dnssec-tools-libs.x86_64                   2.2-3.fc25
rawhide
dnssec-tools-libs-devel.x86_64             2.2-3.fc25
rawhide
dnssec-tools-perlmods.x86_64               2.2-3.fc25
rawhide
dnssec-trigger.x86_64                      0.13-3.fc27
 rawhide
dnssec-trigger-panel.x86_64                0.13-3.fc27
 rawhide
dnssec4j.noarch                            0.1.6-3.fc26
rawhide
dnssec4j-javadoc.noarch                    0.1.6-3.fc26
rawhide
dnstop.x86_64                              20140915-4.fc26
 rawhide
dnstracer.x86_64                           1.9-16.fc27
 rawhide
dnsyo.noarch                               2.0.7-3.fc26
rawhide

dnssec-tools look interesting but when I try to install those I get errors.

[root@dc1 ~]# dnf install dnssec-*
Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 AM
MDT.
Error:
 Problem 1: conflicting requests
  - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by
dnssec-tools-2.2-3.fc25.x86_64
 Problem 2: conflicting requests
  - nothing provides libperl.so.5.24()(64bit) needed by
dnssec-tools-perlmods-2.2-3.fc25.x86_64

I'll have to go plead with the package maintainer. Although I'm not sure
even if I install those if that is really what it is complaining about.
I wonder what tool the samba-tool uses. I'll have to go try and see if I
can figure it out so I know what it is I really need.

nothing interesting listing in lippam*
I installed a lot of pam* that looks like what I might need. I have pam_krb5


>
> > I've tried without named running and with it running and get the same
> > error. Mayke something missing in the python scripts building the dns
> > file.
> >
>
> I just install Bind9, configure it, but do not start it. I then
> provision Samba. I then start Bind9 followed by Samba and it just
> works. Perhaps there is something wrong in your bind conf files ?
>
>
If i do a query against the local dns I get a return so it looks like when
running it works fine.

my named.conf looks like so

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

/etc/crypto-policies/back-ends/bind.config looks like

disable-algorithms "." {
RSAMD5;
};
disable-ds-digests "." {
GOST;
};



> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba