On 2015-08-21 16:30, John Gardeniers wrote:
> Hi Mike,
>
> I wonder if I'm missing the file because I only did a classicupgrade,
> rather than a provision and perhaps then the file(s) is/are not
> created.
>
> regards,
> John
>
>
> On 21/08/15 13:45, Brady, Mike wrote:
>> On 2015-08-21 14:11, Brady, Mike wrote:
>>> On 2015-08-21 12:52, John Gardeniers wrote:
>>>> Hi Brady,
>>>>
>>>> I realise that but the only named.conf to be found on the system is
>>>> my newly created /etc/named.conf. Either something screwed up when
>>>> installing the Sernet RPMs, which is really pretty unlikely given
>>>> that everything else is working, or the file was not included in the
>>>> package.
>>>>
>>>> regards,
>>>> John
>>>>
>>>>
>>>> On 21/08/15 10:16, Brady, Mike wrote:
>>>>> On 2015-08-21 11:18, John Gardeniers wrote:
>>>>>> Can anyone point me to instructions for setting up Bind to work
>>>>>> with Samba 4 on CentOS 7? I know there are some instructions at
>>>>>> https://wiki.samba.org/index.php/DNS_Backend_BIND but they're
>>>>>> incomplete when using the Sernet repo. In particular, it refers to
>>>>>> 'include "/usr/local/samba/private/named.conf";' but that file
>>>>>> doesn't exist at any location on my system.
>>>>>>
>>>>>> Is this a generic file that I can copy from some other
>>>>>> place/system/person, or is it a dynamically generated, system
>>>>>> specific, file created during the install? I thought I might be
>>>>>> able to set up an Ubuntu server and grab it from there but, like
>>>>>> CentOS, samba-ad doesn't exist in the standard repos, which puts
>>>>>> me back at Sernet, with nothing gained. Is there a distro which
>>>>>> actually has samba-ad in the standard repos?
>>>>>>
>>>>>> regards,
>>>>>> John
>>>>> Sernet packages on CentOS 7 use /var/lib/samba/private for those
>>>>> files.
>>>>>
>>>
>>> John
>>>
>>> I have multiple Sernet 4.2/CentOS 7 DCs installed using Bind and they
>>> all have a /var/lib/samba/private/named.conf. I do not know if the
>>> named.conf is installed by the package or is generated. The file
>>> isn't owned by any package, so I assume that it is generated by
>>> either the provision or when configuring the DC to use Bind.
>>>
>>> That particular file is not unique to each install. For CentOS 7 it
>>> contains
>>>
>>> >>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<
>>> # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen
>>> # support.
>>> #
>>> # This file should be included in your main BIND configuration file
>>> #
>>> # For example with
>>> # include "/var/lib/samba/private/named.conf";
>>>
>>> #
>>> # This configures dynamically loadable zones (DLZ) from AD schema
>>> # Uncomment only single database line, depending on your BIND version
>>> #
>>> dlz "AD DNS Zone" {
>>>     # For BIND 9.8.x
>>>     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
>>>
>>>     # For BIND 9.9.x
>>>     database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
>>>
>>>     # For BIND 9.10.x
>>>     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
>>> };
>>> >>>>>>>>>>>>>>> Cut <<<<<<<<<<<<<<<
>>>
>>> but if you do not have the file, then there is something wrong with
>>> your install and/or provision and you may well be missing other
>>> files.
>>>
>>> My /var/lib/samba/private contains
>>>
>>> [root at dc03 private]# ll
>>> total 14536
>>> drwxrwx--- 3 root named 4096 Aug 3 11:48 dns
>>> -rw------- 1 named named 862 Jun 18 13:19 dns.keytab
>>> -rw------- 1 root root 2073 Jun 3 12:26 dns_update_cache
>>> -rw-r--r-- 1 root root 3183 Jun 3 12:17 dns_update_list
>>> -rw------- 1 root root 1286144 Jun 3 12:17 hklm.ldb
>>> -rw------- 1 root root 3366912 Aug 3 12:33 idmap.ldb
>>> -rw------- 1 root root 1609728 Jun 17 11:15 idmap.ldb.old
>>> -rw-r--r-- 1 root root 101 Jun 3 12:17 krb5.conf
>>> srwxrwxrwx 1 root root 0 Aug 18 16:01 ldapi
>>> drwxr-x--- 2 root root 4096 Aug 18 16:01 ldap_priv
>>> -rw-r--r-- 1 root root 633 Jun 18 13:19 named.conf
>>> -r--r--r-- 1 root root 310 Jul 2 11:00 named.conf.update
>>> -rw-r--r-- 1 root root 2090 Jun 18 13:19 named.txt
>>> -rw------- 1 root root 696 Aug 18 16:01 netlogon_creds_cli.tdb
>>> -rw------- 1 root root 1286144 Jun 3 12:17 privilege.ldb
>>> -rw------- 1 root root 696 Jun 3 12:26 randseed.tdb
>>> -rw------- 1 root root 4247552 Jun 3 12:17 sam.ldb
>>> drwxr-x--- 2 root named 4096 Aug 3 11:48 sam.ldb.d
>>> -rw------- 1 root root 24576 Aug 21 13:39 schannel_store.tdb
>>> -rw------- 1 root root 1237 Jun 3 12:17 secrets.keytab
>>> -rw------- 1 root root 1286144 Jun 18 13:19 secrets.ldb
>>> -rw------- 1 root root 425984 Jun 3 12:26 secrets.tdb
>>> -rw------- 1 root root 1286144 Jun 3 11:41 share.ldb
>>> drwxr-xr-x 3 root root 4096 Jun 3 12:26 smbd.tmp
>>> -rw-r--r-- 1 root root 955 Jun 3 12:17 spn_update_list
>>> drwx------ 2 root root 4096 Jun 3 12:26 tls
>>>
>>>
>>> I will be installing (but not provisioning) a couple of new DCs in a
>>> couple of hours from now. I will have a look and see if the file is
>>> deployed as part of the install.
>>>
>>> Regards
>>>
>>> Mike
>>
>> Immediately after installation /var/lib/samba/private is empty. So
>> everything in it is "generated", I assume by the provision.
>>
>>
John

The files are all there when I do a classic upgrade. I am working on a
project to do just that at the moment.

When you did the classic upgrade did you do it with the
--dns-backend=BIND9_DLZ option?

If not you could try doing

    samba_upgradedns --dns-backend=SAMBA_INTERNAL
    samba_upgradedns --dns-backend=BIND9_DLZ

to see if that forces the files to generate.

Regards

Mike
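
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it confirms that the generated named.conf exists, that exactly one `database "dlopen ..."` line is active and matches the BIND version, and that dns.keytab is not group or world accessible. The function names and the sample directory are constructed for illustration; the module names and paths are the ones quoted above.

```shell
# Added example (not from the thread): check Samba's generated BIND9_DLZ files.
# Module name for a BIND version, per the comments in the generated named.conf.
expected_dlz_module() {
    case "$1" in
        9.8.*)  echo dlz_bind9.so ;;
        9.9.*)  echo dlz_bind9_9.so ;;
        9.10.*) echo dlz_bind9_10.so ;;
        *)      return 1 ;;
    esac
}

# Print the module path of every uncommented 'database "dlopen ..."' line.
active_dlz_modules() {
    sed -n 's/^[[:space:]]*database[[:space:]]*"dlopen[[:space:]]\{1,\}\([^"]*\)".*/\1/p' "$1"
}

# check_dlz_dir PRIVATE_DIR BIND_VERSION: returns 0 only if everything lines up.
check_dlz_dir() {
    dir=$1; conf=$dir/named.conf; kt=$dir/dns.keytab; rc=0
    [ -f "$conf" ] || { echo "MISSING $conf"; return 1; }
    want=$(expected_dlz_module "$2") || { echo "UNKNOWN BIND version $2"; return 1; }
    mods=$(active_dlz_modules "$conf")
    count=$(printf '%s\n' "$mods" | grep -c . || true)
    if [ "$count" -ne 1 ]; then echo "BAD $count active database lines, need 1"; rc=1
    elif [ "$(basename "$mods")" != "$want" ]; then echo "BAD active module is not $want"; rc=1
    fi
    # Permission columns 5-10 of ls -l are the group and other bits.
    if [ ! -f "$kt" ]; then echo "MISSING $kt"; rc=1
    elif [ "$(ls -ld "$kt" | cut -c5-10)" != "------" ]; then echo "BAD $kt is group/world accessible"; rc=1
    fi
    return $rc
}

# Constructed sample directory mimicking the file contents quoted in the thread.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/named.conf" <<'EOF'
dlz "AD DNS Zone" {
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
};
EOF
    : > "$d/dns.keytab"; chmod 600 "$d/dns.keytab"
    echo "$d"
}

if [ $# -eq 2 ]; then check_dlz_dir "$1" "$2"; fi
```

Saved as a script, it takes the private directory and the BIND version as its two arguments, for example `/var/lib/samba/private` and `9.9.4`.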