Hi Brady,

I realise that but the only named.conf to be found on the system is my
newly created /etc/named.conf. Either something screwed up when
installing the Sernet RPMs, which is really pretty unlikely given that
everything else is working, or the file was not included in the
package.

regards,
John

On 21/08/15 10:16, Brady, Mike wrote:
> On 2015-08-21 11:18, John Gardeniers wrote:
>> Can anyone point me to instructions for setting up Bind to work with
>> Samba 4 on CentOS 7? I know there are some instructions at
>> https://wiki.samba.org/index.php/DNS_Backend_BIND but they're
>> incomplete when using the Sernet repo. In particular, it refers to
>> 'include "/usr/local/samba/private/named.conf";' but that file doesn't
>> exist at any location on my system.
>>
>> Is this a generic file that I can copy from some other
>> place/system/person, or is it a dynamically generated, system
>> specific, file created during the install? I thought I might be able
>> to set up an Ubuntu server and grab it from there but, like CentOS,
>> samba-ad doesn't exist in the standard repos, which puts me back at
>> Sernet, with nothing gained. Is there a distro which actually has
>> samba-ad in the standard repos?
>>
>> regards,
>> John
> Sernet packages on Centos 7 use /var/lib/samba/private for those files.
>

On 2015-08-21 12:52, John Gardeniers wrote:
> Hi Brady,
>
> I realise that but the only named.conf to be found on the system is my
> newly created /etc/named.conf. Either something screwed up when
> installing the Sernet RPMs, which is really pretty unlikely given that
> everything else is working, or the file was not included in the
> package.
>
> regards,
> John
>
>
> On 21/08/15 10:16, Brady, Mike wrote:
>> On 2015-08-21 11:18, John Gardeniers wrote:
>>> Can anyone point me to instructions for setting up Bind to work with
>>> Samba 4 on CentOS 7? I know there are some instructions at
>>> https://wiki.samba.org/index.php/DNS_Backend_BIND but they're
>>> incomplete when using the Sernet repo. In particular, it refers to
>>> 'include "/usr/local/samba/private/named.conf";' but that file doesn't
>>> exist at any location on my system.
>>>
>>> Is this a generic file that I can copy from some other
>>> place/system/person, or is it a dynamically generated, system
>>> specific, file created during the install? I thought I might be able
>>> to set up an Ubuntu server and grab it from there but, like CentOS,
>>> samba-ad doesn't exist in the standard repos, which puts me back at
>>> Sernet, with nothing gained. Is there a distro which actually has
>>> samba-ad in the standard repos?
>>>
>>> regards,
>>> John
>> Sernet packages on Centos 7 use /var/lib/samba/private for those
>> files.
>>

John

I have multiple Sernet 4.2/Centos 7 DC installed using Bind and they
all have a /var/lib/samba/private/named.conf. I do not know if the
named.conf is installed by the package or is generated. The file
isn't owned by any package, so I assume that it is generated by either
the provision or when configuring the DC to use Bind.

That particular file is not unique to each install. For CentOS 7 it
contains

>>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";

    # For BIND 9.9.x
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";

    # For BIND 9.10.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
};
>>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

but if you do not have the file, then there is something wrong with
your install and/or provision and you may well be missing other
files.

My /var/lib/samba/private contains

[root@dc03 private]# ll
total 14536
drwxrwx--- 3 root  named    4096 Aug  3 11:48 dns
-rw------- 1 named named     862 Jun 18 13:19 dns.keytab
-rw------- 1 root  root     2073 Jun  3 12:26 dns_update_cache
-rw-r--r-- 1 root  root     3183 Jun  3 12:17 dns_update_list
-rw------- 1 root  root  1286144 Jun  3 12:17 hklm.ldb
-rw------- 1 root  root  3366912 Aug  3 12:33 idmap.ldb
-rw------- 1 root  root  1609728 Jun 17 11:15 idmap.ldb.old
-rw-r--r-- 1 root  root      101 Jun  3 12:17 krb5.conf
srwxrwxrwx 1 root  root        0 Aug 18 16:01 ldapi
drwxr-x--- 2 root  root     4096 Aug 18 16:01 ldap_priv
-rw-r--r-- 1 root  root      633 Jun 18 13:19 named.conf
-r--r--r-- 1 root  root      310 Jul  2 11:00 named.conf.update
-rw-r--r-- 1 root  root     2090 Jun 18 13:19 named.txt
-rw------- 1 root  root      696 Aug 18 16:01 netlogon_creds_cli.tdb
-rw------- 1 root  root  1286144 Jun  3 12:17 privilege.ldb
-rw------- 1 root  root      696 Jun  3 12:26 randseed.tdb
-rw------- 1 root  root  4247552 Jun  3 12:17 sam.ldb
drwxr-x--- 2 root  named    4096 Aug  3 11:48 sam.ldb.d
-rw------- 1 root  root    24576 Aug 21 13:39 schannel_store.tdb
-rw------- 1 root  root     1237 Jun  3 12:17 secrets.keytab
-rw------- 1 root  root  1286144 Jun 18 13:19 secrets.ldb
-rw------- 1 root  root   425984 Jun  3 12:26 secrets.tdb
-rw------- 1 root  root  1286144 Jun  3 11:41 share.ldb
drwxr-xr-x 3 root  root     4096 Jun  3 12:26 smbd.tmp
-rw-r--r-- 1 root  root      955 Jun  3 12:17 spn_update_list
drwx------ 2 root  root     4096 Jun  3 12:26 tls

I will be installing (but not provisioning) a couple of new DCs in a
couple of hours from now. I will have a look and see if the file is
deployed as part of the install.

Regards

Mike

On 2015-08-21 14:11, Brady, Mike wrote:
> On 2015-08-21 12:52, John Gardeniers wrote:
>> Hi Brady,
>>
>> I realise that but the only named.conf to be found on the system is my
>> newly created /etc/named.conf. Either something screwed up when
>> installing the Sernet RPMs, which is really pretty unlikely given that
>> everything else is working, or the file was not included in the
>> package.
>>
>> regards,
>> John
>>
>>
>> On 21/08/15 10:16, Brady, Mike wrote:
>>> On 2015-08-21 11:18, John Gardeniers wrote:
>>>> Can anyone point me to instructions for setting up Bind to work with
>>>> Samba 4 on CentOS 7? I know there are some instructions at
>>>> https://wiki.samba.org/index.php/DNS_Backend_BIND but they're
>>>> incomplete when using the Sernet repo. In particular, it refers to
>>>> 'include "/usr/local/samba/private/named.conf";' but that file doesn't
>>>> exist at any location on my system.
>>>>
>>>> Is this a generic file that I can copy from some other
>>>> place/system/person, or is it a dynamically generated, system
>>>> specific, file created during the install? I thought I might be able
>>>> to set up an Ubuntu server and grab it from there but, like CentOS,
>>>> samba-ad doesn't exist in the standard repos, which puts me back at
>>>> Sernet, with nothing gained. Is there a distro which actually has
>>>> samba-ad in the standard repos?
>>>>
>>>> regards,
>>>> John
>>> Sernet packages on Centos 7 use /var/lib/samba/private for those
>>> files.
>>>
>
> John
>
> I have multiple Sernet 4.2/Centos 7 DC installed using Bind and they
> all have a /var/lib/samba/private/named.conf. I do not know if the
> named.conf is installed by the package or is generated. The file
> isn't owned by any package, so I assume that it is generated by either
> the provision or when configuring the DC to use Bind.
>
> That particular file is not unique to each install. For CentOS 7 it
> contains
>
> >>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen
> support.
> #
> # This file should be included in your main BIND configuration file
> #
> # For example with
> # include "/var/lib/samba/private/named.conf";
>
> #
> # This configures dynamically loadable zones (DLZ) from AD schema
> # Uncomment only single database line, depending on your BIND version
> #
> dlz "AD DNS Zone" {
>     # For BIND 9.8.x
>     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
>
>     # For BIND 9.9.x
>     database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
>
>     # For BIND 9.10.x
>     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
> };
> >>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> but if you do not have the file, then there is something wrong with
> your install and/or provision and you may well be missing other
> files.
>
> My /var/lib/samba/private contains
>
> [root@dc03 private]# ll
> total 14536
> drwxrwx--- 3 root  named    4096 Aug  3 11:48 dns
> -rw------- 1 named named     862 Jun 18 13:19 dns.keytab
> -rw------- 1 root  root     2073 Jun  3 12:26 dns_update_cache
> -rw-r--r-- 1 root  root     3183 Jun  3 12:17 dns_update_list
> -rw------- 1 root  root  1286144 Jun  3 12:17 hklm.ldb
> -rw------- 1 root  root  3366912 Aug  3 12:33 idmap.ldb
> -rw------- 1 root  root  1609728 Jun 17 11:15 idmap.ldb.old
> -rw-r--r-- 1 root  root      101 Jun  3 12:17 krb5.conf
> srwxrwxrwx 1 root  root        0 Aug 18 16:01 ldapi
> drwxr-x--- 2 root  root     4096 Aug 18 16:01 ldap_priv
> -rw-r--r-- 1 root  root      633 Jun 18 13:19 named.conf
> -r--r--r-- 1 root  root      310 Jul  2 11:00 named.conf.update
> -rw-r--r-- 1 root  root     2090 Jun 18 13:19 named.txt
> -rw------- 1 root  root      696 Aug 18 16:01 netlogon_creds_cli.tdb
> -rw------- 1 root  root  1286144 Jun  3 12:17 privilege.ldb
> -rw------- 1 root  root      696 Jun  3 12:26 randseed.tdb
> -rw------- 1 root  root  4247552 Jun  3 12:17 sam.ldb
> drwxr-x--- 2 root  named    4096 Aug  3 11:48 sam.ldb.d
> -rw------- 1 root  root    24576 Aug 21 13:39 schannel_store.tdb
> -rw------- 1 root  root     1237 Jun  3 12:17 secrets.keytab
> -rw------- 1 root  root  1286144 Jun 18 13:19 secrets.ldb
> -rw------- 1 root  root   425984 Jun  3 12:26 secrets.tdb
> -rw------- 1 root  root  1286144 Jun  3 11:41 share.ldb
> drwxr-xr-x 3 root  root     4096 Jun  3 12:26 smbd.tmp
> -rw-r--r-- 1 root  root      955 Jun  3 12:17 spn_update_list
> drwx------ 2 root  root     4096 Jun  3 12:26 tls
>
>
> I will be installing (but not provisioning) a couple of new DCs in a
> couple of hours from now. I will have a look and see if the file is
> deployed as part of the install.
>
> Regards
>
> Mike

Immediately after installation /var/lib/samba/private is empty. So
everything in it is "generated", I assume by the provision.
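
The named.conf quoted in the thread says to uncomment only a single database line, depending on the BIND version. A shell check for that, as an added example that is not part of the thread or of Samba; the function names and the version string in the demo are made up here:

```shell
# Added example, not from the thread.

# Map `named -v` output (e.g. "BIND 9.9.4-...") to the module the file names.
dlz_module_for() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^BIND \([0-9]*\.[0-9]*\).*/\1/p')
    case "$ver" in
        9.8)  echo dlz_bind9.so ;;
        9.9)  echo dlz_bind9_9.so ;;
        9.10) echo dlz_bind9_10.so ;;
        *)    return 1 ;;   # not a version the quoted file lists
    esac
}

# Print the module of every uncommented `database "dlopen ..."` line ("#" comments only).
active_dlz_modules() {
    sed 's/#.*//' "$1" |
        sed -n 's/.*database[[:space:]]*"dlopen[[:space:]]*\([^"]*\)".*/\1/p' |
        sed 's#.*/##'
}

# check_dlz_conf FILE "NAMED_V_OUTPUT" -> 0 ok, 1 file missing, 2 zero or
# several active lines, 3 module does not match BIND, 4 version not listed
check_dlz_conf() {
    [ -r "$1" ] || return 1
    want=$(dlz_module_for "$2") || return 4
    active=$(active_dlz_modules "$1")
    count=$(printf '%s\n' "$active" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || return 2
    [ "$active" = "$want" ] || return 3
}

# Constructed sample: the dlz block as quoted in the thread.
sample_conf() {
    cat <<'EOF'
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
    # For BIND 9.9.x
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
    # For BIND 9.10.x
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
};
EOF
}

# Demo with a constructed version string; on a DC pass "$(named -v)" instead.
tmp=$(mktemp) && sample_conf > "$tmp"
check_dlz_conf "$tmp" "BIND 9.9.4" && echo "dlz include matches BIND"
rm -f "$tmp"
```

A return code of 1 against /var/lib/samba/private/named.conf is the situation described at the start of the thread: the include file does not exist on the system.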