On 2015-08-21 14:11, Brady, Mike wrote:
> On 2015-08-21 12:52, John Gardeniers wrote:
>> Hi Brady,
>>
>> I realise that but the only named.conf to be found on the system is my
>> newly created /etc/named.conf. Either something screwed up when
>> installing the Sernet RPMs, which is really pretty unlikely given that
>> everything else is working, or the file was not included in the
>> package.
>>
>> regards,
>> John
>>
>>
>> On 21/08/15 10:16, Brady, Mike wrote:
>>> On 2015-08-21 11:18, John Gardeniers wrote:
>>>> Can anyone point me to instructions for setting up Bind to work with
>>>> Samba 4 on CentOS 7? I know there are some instructions at
>>>> https://wiki.samba.org/index.php/DNS_Backend_BIND but they're
>>>> incomplete when using the Sernet repo. In particular, it refers to
>>>> 'include "/usr/local/samba/private/named.conf";' but that file
>>>> doesn't exist at any location on my system.
>>>>
>>>> Is this a generic file that I can copy from some other
>>>> place/system/person, or is it a dynamically generated, system
>>>> specific, file created during the install? I thought I might be able
>>>> to set up an Ubuntu server and grab it from there but, like CentOS,
>>>> samba-ad doesn't exist in the standard repos, which puts me back at
>>>> Sernet, with nothing gained. Is there a distro which actually has
>>>> samba-ad in the standard repos?
>>>>
>>>> regards,
>>>> John
>>> Sernet packages on Centos 7 use /var/lib/samba/private for those
>>> files.
>>>
>
> John
>
> I have multiple Sernet 4.2/Centos 7 DCs installed using Bind and they
> all have a /var/lib/samba/private/named.conf. I do not know if the
> named.conf is installed by the package or is generated. The file
> isn't owned by any package, so I assume that it is generated by either
> the provision or when configuring the DC to use Bind.
>
> That particular file is not unique to each install. For CentOS 7 it
> contains
>
> >>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
> #
> # This file should be included in your main BIND configuration file
> #
> # For example with
> # include "/var/lib/samba/private/named.conf";
>
> #
> # This configures dynamically loadable zones (DLZ) from AD schema
> # Uncomment only single database line, depending on your BIND version
> #
> dlz "AD DNS Zone" {
>     # For BIND 9.8.x
>     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
>
>     # For BIND 9.9.x
>     database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
>
>     # For BIND 9.10.x
>     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
> };
> >>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> but if you do not have the file, then there is something wrong with
> your install and/or provision and you may well be missing other
> files.
>
> My /var/lib/samba/private contains
>
> [root@dc03 private]# ll
> total 14536
> drwxrwx--- 3 root  named    4096 Aug  3 11:48 dns
> -rw------- 1 named named     862 Jun 18 13:19 dns.keytab
> -rw------- 1 root  root     2073 Jun  3 12:26 dns_update_cache
> -rw-r--r-- 1 root  root     3183 Jun  3 12:17 dns_update_list
> -rw------- 1 root  root  1286144 Jun  3 12:17 hklm.ldb
> -rw------- 1 root  root  3366912 Aug  3 12:33 idmap.ldb
> -rw------- 1 root  root  1609728 Jun 17 11:15 idmap.ldb.old
> -rw-r--r-- 1 root  root      101 Jun  3 12:17 krb5.conf
> srwxrwxrwx 1 root  root        0 Aug 18 16:01 ldapi
> drwxr-x--- 2 root  root     4096 Aug 18 16:01 ldap_priv
> -rw-r--r-- 1 root  root      633 Jun 18 13:19 named.conf
> -r--r--r-- 1 root  root      310 Jul  2 11:00 named.conf.update
> -rw-r--r-- 1 root  root     2090 Jun 18 13:19 named.txt
> -rw------- 1 root  root      696 Aug 18 16:01 netlogon_creds_cli.tdb
> -rw------- 1 root  root  1286144 Jun  3 12:17 privilege.ldb
> -rw------- 1 root  root      696 Jun  3 12:26 randseed.tdb
> -rw------- 1 root  root  4247552 Jun  3 12:17 sam.ldb
> drwxr-x--- 2 root  named    4096 Aug  3 11:48 sam.ldb.d
> -rw------- 1 root  root    24576 Aug 21 13:39 schannel_store.tdb
> -rw------- 1 root  root     1237 Jun  3 12:17 secrets.keytab
> -rw------- 1 root  root  1286144 Jun 18 13:19 secrets.ldb
> -rw------- 1 root  root   425984 Jun  3 12:26 secrets.tdb
> -rw------- 1 root  root  1286144 Jun  3 11:41 share.ldb
> drwxr-xr-x 3 root  root     4096 Jun  3 12:26 smbd.tmp
> -rw-r--r-- 1 root  root      955 Jun  3 12:17 spn_update_list
> drwx------ 2 root  root     4096 Jun  3 12:26 tls
>
>
> I will be installing (but not provisioning) a couple of new DCs in a
> couple of hours from now. I will have a look and see if the file is
> deployed as part of the install.
>
> Regards
>
> Mike

Immediately after installation /var/lib/samba/private is empty. So
everything in it is "generated", I assume by the provision.

Hi Mike,

I wonder if I'm missing the file because I only did a classicupgrade,
rather than a provision and perhaps then the file(s) is/are not
created.

regards,
John

On 21/08/15 13:45, Brady, Mike wrote:
> Immediately after installation /var/lib/samba/private is empty. So
> everything in it is "generated", I assume by the provision.

On 2015-08-21 16:30, John Gardeniers wrote:
> Hi Mike,
>
> I wonder if I'm missing the file because I only did a classicupgrade,
> rather than a provision and perhaps then the file(s) is/are not
> created.
>
> regards,
> John

John

The files are all there when I do a classic upgrade. I am working on a
project to do just that at the moment.

When you did the classic upgrade did you do it with the
--dns-backend=BIND9_DLZ option? If not you could try doing

samba_upgradedns --dns-backend=SAMBA_INTERNAL
samba_upgradedns --dns-backend=BIND9_DLZ

to see if that forces the files to generate.

Regards

Mike
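
Added example, not part of any post in this thread: a shell check that the generated include has exactly one uncommented `database` line and that its module matches the BIND version, as the comments in the quoted named.conf require. The function names and the sample file are constructed for illustration; the three module names are the ones listed in the quoted file.

```shell
# Added example: lint the Samba-generated DLZ include against the BIND version.
# Module names are the three listed in the named.conf quoted in this thread;
# function names and the sample file are constructed for illustration.

# expected_module VERSION: print the DLZ module for a BIND version string
expected_module() {
    case "$1" in
        9.8.*)  echo dlz_bind9.so ;;
        9.9.*)  echo dlz_bind9_9.so ;;
        9.10.*) echo dlz_bind9_10.so ;;
        *)      return 1 ;;
    esac
}

# active_modules FILE: print the module of each uncommented database line
active_modules() {
    sed -e 's/#.*//' "$1" |
        sed -n 's/.*database[[:space:]]*"dlopen[[:space:]]*\([^"]*\)".*/\1/p' |
        sed 's|.*/||'
}

# check_dlz FILE VERSION: 0 ok, 1 file missing, 2 not exactly one active
# database line, 3 module/version mismatch, 4 version not covered above
check_dlz() {
    [ -r "$1" ] || { echo "missing $1: was the DNS backend ever set up?"; return 1; }
    want=$(expected_module "$2") || { echo "no module known for BIND $2"; return 4; }
    mods=$(active_modules "$1")
    count=$(printf '%s\n' "$mods" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "$count active database lines, expected 1"; return 2; }
    [ "$mods" = "$want" ] || { echo "active $mods, BIND $2 needs $want"; return 3; }
    echo "ok: $mods matches BIND $2"
}

# Constructed sample: the quoted include with two lines left active by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
    # For BIND 9.9.x
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
    # For BIND 9.10.x
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
};
EOF
check_dlz "$sample" 9.9.4 || true
check_dlz /nonexistent/private/named.conf 9.9.4 || true
```

On a DC the real inputs would be `check_dlz /var/lib/samba/private/named.conf "$(named -v | awk '{print $2}')"`.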