On 08/26/2015 03:50 PM, Rowland Penny wrote:
> On 26/08/15 20:39, Robert Moskowitz wrote:
>> On 08/26/2015 03:26 PM, Rowland Penny wrote:
>>> On 26/08/15 20:14, Robert Moskowitz wrote:
>>>> One of the Centos 7 arm developers built the sernet 4.2 for me to start testing.
>>>>
>>>> http://repo.shivaserv.fr/centos/7/shivaserv-sernet.repo
>>>>
>>>> and
>>>>
>>>> http://repo.shivaserv.fr/centos/7/sernet/armv7hl/
>>>>
>>>> Since these were built on qemu, not requiring specific armv7 hardware, perhaps at some point they can be adopted by Sernet. But for now, how to test....
>>>>
>>>> I don't see any specific Sernet documentation. Like what is here and how to set it up, perhaps different, from generic Samba 4.
>>>>
>>>> I searched the sernet web site and this list and came up empty, but my search foo is weak.
>>>>
>>>> thanks
>>>
>>> If Sernet just built samba for ARM, I do not think that it should be any different to set up, so just follow the relevant documentation on the samba wiki:
>>>
>>> https://wiki.samba.org/index.php/Main_Page
>>
>> I was thinking that PERHAPS the sernet build could have specific configs for BIND and DHCP at the least. Unless Samba has already included these. For things like DYNDNS.
>
> Could you be a bit more specific, you can use Bind with samba4 but it is up to the sysadmin to set this up, though there is a page on the samba wiki. DHCP, again the sysadmin will have to set this, but there is not much on the wiki about this, but if all else fails, I can help with this. Finally, I don't see where DYNDNS comes in here.

Plowing through the wiki...

I see where if I use the internal DNS provided, I will have to set up a forwarder. No problem, I have done that a lot. But I plan on using a private tld, htt. and the zone home.htt. I want these zones known to other systems on my network, so I want to slave them to my main DNS internal servers (I actually have a production and 2 distinct test DNS servers). Perhaps I will find in the wiki how to do this, or find my old notes.

Are workstations assigned DNS entries when they get their DHCP lease? So that 'den' becomes den.home.htt and diningroom becomes diningroom.home.htt? That is what I would think DYNDNS would be doing. Of course the file servers, nevia and vega would be nevia.home.htt and vega.home.htt? But since these are statically assigned, again, I am assuming there are ways to get them into the internal DNS.

Finally I am testing on one RFC1918 subnet (check out the authors of 1918) and then will move all the servers to another one. What will I need to do for this migration?
On 26/08/15 21:07, Robert Moskowitz wrote:
> On 08/26/2015 03:50 PM, Rowland Penny wrote:
>> On 26/08/15 20:39, Robert Moskowitz wrote:
>>> On 08/26/2015 03:26 PM, Rowland Penny wrote:
>>>> On 26/08/15 20:14, Robert Moskowitz wrote:
>>>>> One of the Centos 7 arm developers built the sernet 4.2 for me to start testing.
>>>>>
>>>>> http://repo.shivaserv.fr/centos/7/shivaserv-sernet.repo
>>>>>
>>>>> and
>>>>>
>>>>> http://repo.shivaserv.fr/centos/7/sernet/armv7hl/
>>>>>
>>>>> Since these were built on qemu, not requiring specific armv7 hardware, perhaps at some point they can be adopted by Sernet. But for now, how to test....
>>>>>
>>>>> I don't see any specific Sernet documentation. Like what is here and how to set it up, perhaps different, from generic Samba 4.
>>>>>
>>>>> I searched the sernet web site and this list and came up empty, but my search foo is weak.
>>>>>
>>>>> thanks
>>>>
>>>> If Sernet just built samba for ARM, I do not think that it should be any different to set up, so just follow the relevant documentation on the samba wiki:
>>>>
>>>> https://wiki.samba.org/index.php/Main_Page
>>>
>>> I was thinking that PERHAPS the sernet build could have specific configs for BIND and DHCP at the least. Unless Samba has already included these. For things like DYNDNS.
>>
>> Could you be a bit more specific, you can use Bind with samba4 but it is up to the sysadmin to set this up, though there is a page on the samba wiki. DHCP, again the sysadmin will have to set this, but there is not much on the wiki about this, but if all else fails, I can help with this. Finally, I don't see where DYNDNS comes in here.
>
> Plowing through the wiki...
>
> I see where if I use the internal DNS provided, I will have to set up a forwarder. No problem, I have done that a lot. But I plan on using a private tld, htt. and the zone home.htt. I want these zones known to other systems on my network, so I want to slave them to my main DNS internal servers (I actually have a production and 2 distinct test DNS servers). Perhaps I will find in the wiki how to do this, or find my old notes.
>
> Are workstations assigned DNS entries when they get their DHCP lease? So that 'den' becomes den.home.htt and diningroom becomes diningroom.home.htt? That is what I would think DYNDNS would be doing. Of course the file servers, nevia and vega would be nevia.home.htt and vega.home.htt? But since these are statically assigned, again, I am assuming there are ways to get them into the internal DNS.

Unless things have changed, DHCP doesn't work with the samba internal DNS server, it does however work with the Bind9 DNS server, I have been using it since Dec 2012 on my home network 192.168.0.0/24 with the domain name of home.lan. To get the domain name applied to the clients, you just have to set them to ask for it and the DHCP to send it. As for the static clients, you can use samba-tool to add these.

> Finally I am testing on one RFC1918 subnet (check out the authors of 1918) and then will move all the servers to another one. What will I need to do for this migration?

What do you need to migrate? If you set the first DC in a domain and then add another DC, all the AD database will be replicated to it.

Rowland

PS: you wouldn't be the B. Moskowitz from RFC would you? (if you are, sorry but until this post, I had never heard of you :-) )
On 08/26/2015 04:28 PM, Rowland Penny wrote:
> On 26/08/15 21:07, Robert Moskowitz wrote:
>> On 08/26/2015 03:50 PM, Rowland Penny wrote:
>>> On 26/08/15 20:39, Robert Moskowitz wrote:
>>>> On 08/26/2015 03:26 PM, Rowland Penny wrote:
>>>>> On 26/08/15 20:14, Robert Moskowitz wrote:
>>>>>> One of the Centos 7 arm developers built the sernet 4.2 for me to start testing.
>>>>>>
>>>>>> http://repo.shivaserv.fr/centos/7/shivaserv-sernet.repo
>>>>>>
>>>>>> and
>>>>>>
>>>>>> http://repo.shivaserv.fr/centos/7/sernet/armv7hl/
>>>>>>
>>>>>> Since these were built on qemu, not requiring specific armv7 hardware, perhaps at some point they can be adopted by Sernet. But for now, how to test....
>>>>>>
>>>>>> I don't see any specific Sernet documentation. Like what is here and how to set it up, perhaps different, from generic Samba 4.
>>>>>>
>>>>>> I searched the sernet web site and this list and came up empty, but my search foo is weak.
>>>>>>
>>>>>> thanks
>>>>>
>>>>> If Sernet just built samba for ARM, I do not think that it should be any different to set up, so just follow the relevant documentation on the samba wiki:
>>>>>
>>>>> https://wiki.samba.org/index.php/Main_Page
>>>>
>>>> I was thinking that PERHAPS the sernet build could have specific configs for BIND and DHCP at the least. Unless Samba has already included these. For things like DYNDNS.
>>>
>>> Could you be a bit more specific, you can use Bind with samba4 but it is up to the sysadmin to set this up, though there is a page on the samba wiki. DHCP, again the sysadmin will have to set this, but there is not much on the wiki about this, but if all else fails, I can help with this. Finally, I don't see where DYNDNS comes in here.
>>
>> Plowing through the wiki...
>>
>> I see where if I use the internal DNS provided, I will have to set up a forwarder. No problem, I have done that a lot. But I plan on using a private tld, htt. and the zone home.htt. I want these zones known to other systems on my network, so I want to slave them to my main DNS internal servers (I actually have a production and 2 distinct test DNS servers). Perhaps I will find in the wiki how to do this, or find my old notes.
>>
>> Are workstations assigned DNS entries when they get their DHCP lease? So that 'den' becomes den.home.htt and diningroom becomes diningroom.home.htt? That is what I would think DYNDNS would be doing. Of course the file servers, nevia and vega would be nevia.home.htt and vega.home.htt? But since these are statically assigned, again, I am assuming there are ways to get them into the internal DNS.
>
> Unless things have changed, DHCP doesn't work with the samba internal DNS server, it does however work with the Bind9 DNS server, I have been using it since Dec 2012 on my home network 192.168.0.0/24 with the domain name of home.lan. To get the domain name applied to the clients, you just have to set them to ask for it and the DHCP to send it. As for the static clients, you can use samba-tool to add these.

I will ask a separate question on classicupgrade. From this it sounds like I need to put bind on this system. C7 has 9.9.4. I have not used the DLZ function, or at least not knowingly :) What is one more thing to pick up!

>> Finally I am testing on one RFC1918 subnet (check out the authors of 1918) and then will move all the servers to another one. What will I need to do for this migration?
>
> What do you need to migrate? If you set the first DC in a domain and then add another DC, all the AD database will be replicated to it.

ClearOS PDC (samba 3.6.23) on an Intel platform to Sernet Samba 4.3 on Centos7-arm.

> PS: you wouldn't be the B. Moskowitz from RFC would you? (if you are, sorry but until this post, I had never heard of you :-) )

One and the same. One of my claims to notoriety. You can blame me for NATs and the delays in moving to IPv6. As some people know, I dabble here and dabble there...
I've been using bind9 and DHCP on Samba 4.1.0 thru 4.1.17 and Slackware 64 14.1 for many months now in a production environment and it works just fine. There are a few tweaks here and there to get bind/dhcp to play nicely with Samba ... Note, conf file locations are Slackware, but you'll know where the same thing goes in your distro.

In the examples below, my Domain IP range is 192.168.0.0/24. My AD/DC (also DNS and DHCP server and router) is 192.168.0.2. My domain name is hprs.local.

First off, I provisioned my Samba as follows:

$ samba-tool domain provision --use-rfc2307 \
    --server-role='dc' --realm=hprs.local --domain=HPRS \
    --adminpass='password' --dns-backend=BIND9_FLATFILE \
    --option="interfaces=lo eth1" --option="bind interfaces only=yes"

In the standard /etc/named.conf, in the option section you need:

----------snip-----------
options {
    forwarders {
        // These are the ISP provided name servers
        66.193.88.3;
        66.192.88.4;
    };
    allow-query {
        // Permit querying by others in the domain
        192.168.0.0/24;
        127.0.0.1;
    };
};
----------un-snip-----------

I've kept my local zone files defined in this named.conf:

----------snip-----------
zone "localhost" IN {
    type master;
    file "/var/named/db.local";
};

zone "127.in-addr.arpa" IN {
    type master;
    file "/var/named/db.127";
};
----------un-snip-----------

but now I reference Samba's config files for the domain stuff:

----------snip-----------
include "/etc/samba/private/named.conf";
----------un-snip-----------

Complete /etc/named.conf file:

----------snip-----------
options {
    // directory "/var/named";
    forwarders {
        // These are the ISP provided name servers
        209.18.47.61;
        209.18.47.62;
    };
    allow-query {
        // Permit querying by others in the domain
        192.168.0.0/24;
        127.0.0.1;
    };
};

zone "localhost" IN {
    type master;
    file "/var/named/db.local";
};

zone "127.in-addr.arpa" IN {
    type master;
    file "/var/named/db.127";
};

include "/etc/samba/private/named.conf";
----------un-snip-----------

The samba-tool provisioning step will have created the referenced /etc/samba/private/named.conf file. Listed below is this file with my changes. I've commented out line 15. More importantly, the domain Windows workstations will want to update the zone files via Samba. If they cannot, you will continuously get the syslog message:

syslog:Jul 30 20:35:20 mail named[792]: client 192.168.0.101#58026: update 'hprs.local/IN' denied

Hence the "allow-update" in lines 8 and 25. Finally, I've added the "optional" reverse zone in lines 23-26.

----------snip-----------
 1 # This file should be included in your main BIND configuration file
 2 #
 3 # For example with
 4 # include "/etc/samba/private/named.conf";
 5
 6 zone "hprs.local." IN {
 7     type master;
 8     allow-update { 192.168.0.0/24; 127.0.0.1; }; // local DHCP server
 9     file "/etc/samba/private/dns/hprs.local.zone";
10     /*
11      * the list of principals and what they can change is created
12      * dynamically by Samba, based on the membership of the domain controllers
13      * group. The provision just creates this file as an empty file.
14      */
15 #   include "/etc/samba/private/named.conf.update";
16
17     /* we need to use check-names ignore so _msdcs A records can be created */
18     check-names ignore;
19 };
20
21 # The reverse zone configuration is optional.
22
23 zone "0.168.192.in-addr.arpa" in {
24     type master;
25     allow-update { 192.168.0.0/24; 127.0.0.1; }; // local DHCP server
26     file "/etc/samba/private/dns/db.192.168.0";
27 };
28
29 # Note that the reverse zone file is not created during the provision process.
30
31 # The most recent BIND versions (9.8 or later) support secure GSS-TSIG
32 # updates. If you are running an earlier version of BIND, or if you do not wish
33 # to use secure GSS-TSIG updates, you may remove the update-policy sections in
34 # both examples above.
----------un-snip-----------

For DNS, that's about it. I hand-tweaked a few things in the samba-tool provisioned zone files to change the hostmaster email address and the various refresh, retry, etc. timers. I'll not post those unless you need them because they can be fairly lengthy.

Except, you mentioned static IP. As an example, I just added the following to my /etc/samba/private/dns/hprs.local.zone file:

$TTL 3600 ; 1 hour
vaio    A    192.168.0.102

Important note!!! I've found that samba and DNS must be NOT RUNNING when you add these static IPs to the zone file. Otherwise, they seem to get clobbered/removed.

For DHCP, I've simply added the following to my dhcpd.conf. All these are important, but the first 4 are needed for Samba to be able to update leases on behalf of clients.

----------snip-----------
ddns-updates on;
update-static-leases on;
allow unknown-clients;   # default, deprecated (man dhcpd.conf)
ignore client-updates;   # see https://www.centos.org/forums/viewtopic.php?t=29256, man dhcpd.conf: ignore client-updates
ddns-update-style interim;

zone hprs.local. {
    primary 192.168.0.2;
}

zone 0.168.192.in-addr.arpa. {
    primary 192.168.0.2;
}

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.2;
    range 192.168.0.100 192.168.0.254;
    option domain-name-servers 192.168.0.2;
    option domain-name "hprs.local";
    ddns-domainname = "hprs.local.";
    ddns-rev-domainname = "in-addr.arpa.";
}

// Example of DHCP static IP
host ricoh {
    hardware ethernet 00:26:73:55:63:AB;
    fixed-address 192.168.0.20;
}
----------un-snip-----------

This all works just fine. I've routed my log messages for DNS and DHCPD to their own file (not shown) and I can tail -f this file and see REQUESTs and ACKs scrolling by in fine style.

Not to put too much in one message, but I had to do the following on each Windows workstation (command line) to get time to synchronize with ntpd, where "mail" is the hostname of my AD/DC and domain time server:

w32tm /config /manualpeerlist:mail,0x8 /syncfromflags:MANUAL
w32tm /config /update

reference: https://www.meinbergglobal.com/english/info/ntp-w32time.htm

Hope this helps

--Mark

-----Original Message-----
> Date: Wed, 26 Aug 2015 21:28:55 +0100
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: Robert Moskowitz <rgm at htt-consult.com>, samba at lists.samba.org
> Subject: Re: [Samba] sernet documentation
>
> On 26/08/15 21:07, Robert Moskowitz wrote:
> > On 08/26/2015 03:50 PM, Rowland Penny wrote:
> >> On 26/08/15 20:39, Robert Moskowitz wrote:
> >>> On 08/26/2015 03:26 PM, Rowland Penny wrote:
> >>>> On 26/08/15 20:14, Robert Moskowitz wrote:
> >>>>> One of the Centos 7 arm developers built the sernet 4.2 for me to start testing.
> >>>>>
> >>>>> http://repo.shivaserv.fr/centos/7/shivaserv-sernet.repo
> >>>>>
> >>>>> and
> >>>>>
> >>>>> http://repo.shivaserv.fr/centos/7/sernet/armv7hl/
> >>>>>
> >>>>> Since these were built on qemu, not requiring specific armv7 hardware, perhaps at some point they can be adopted by Sernet. But for now, how to test....
> >>>>>
> >>>>> I don't see any specific Sernet documentation. Like what is here and how to set it up, perhaps different, from generic Samba 4.
> >>>>>
> >>>>> I searched the sernet web site and this list and came up empty, but my search foo is weak.
> >>>>>
> >>>>> thanks
> >>>>
> >>>> If Sernet just built samba for ARM, I do not think that it should be any different to set up, so just follow the relevant documentation on the samba wiki:
> >>>>
> >>>> https://wiki.samba.org/index.php/Main_Page
> >>>
> >>> I was thinking that PERHAPS the sernet build could have specific configs for BIND and DHCP at the least. Unless Samba has already included these. For things like DYNDNS.
> >>
> >> Could you be a bit more specific, you can use Bind with samba4 but it is up to the sysadmin to set this up, though there is a page on the samba wiki. DHCP, again the sysadmin will have to set this, but there is not much on the wiki about this, but if all else fails, I can help with this. Finally, I don't see where DYNDNS comes in here.
> >
> > Plowing through the wiki...
> >
> > I see where if I use the internal DNS provided, I will have to set up a forwarder. No problem, I have done that a lot. But I plan on using a private tld, htt. and the zone home.htt. I want these zones known to other systems on my network, so I want to slave them to my main DNS internal servers (I actually have a production and 2 distinct test DNS servers). Perhaps I will find in the wiki how to do this, or find my old notes.
> >
> > Are workstations assigned DNS entries when they get their DHCP lease? So that 'den' becomes den.home.htt and diningroom becomes diningroom.home.htt? That is what I would think DYNDNS would be doing. Of course the file servers, nevia and vega would be nevia.home.htt and vega.home.htt? But since these are statically assigned, again, I am assuming there are ways to get them into the internal DNS.
>
> Unless things have changed, DHCP doesn't work with the samba internal DNS server, it does however work with the Bind9 DNS server, I have been using it since Dec 2012 on my home network 192.168.0.0/24 with the domain name of home.lan. To get the domain name applied to the clients, you just have to set them to ask for it and the DHCP to send it. As for the static clients, you can use samba-tool to add these.
>
> > Finally I am testing on one RFC1918 subnet (check out the authors of 1918) and then will move all the servers to another one. What will I need to do for this migration?
>
> What do you need to migrate? If you set the first DC in a domain and then add another DC, all the AD database will be replicated to it.
>
> Rowland
>
> PS: you wouldn't be the B. Moskowitz from RFC would you? (if you are, sorry but until this post, I had never heard of you :-) )
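Mark's message shows two things that belong together from a monitoring point of view: the address-based allow-update ACL in the Samba-generated named.conf, and the "update ... denied" line BIND writes to syslog when it refuses a client's dynamic update. The script below is an added example (my code, not Mark's or the Samba project's): it parses constructed syslog lines in that format, parses the allow-update ACLs from a constructed named.conf fragment modelled on the one in the post, and reports, per client and zone, how many updates were denied and whether the client address is inside that zone's ACL at all. A client outside the ACL is either a mis-scoped ACL or a host that should not be sending updates; a client inside the ACL that is still denied means the address list does not explain the refusal and the zone configuration BIND actually loaded should be checked. The log lines, addresses and zone stanzas are constructed sample data; the reverse zone is deliberately given a narrower ACL than the forward zone so that the mismatch case shows up.

```python
import ipaddress
import re

# Constructed sample syslog lines in the format quoted in Mark's post
# ("client <ip>#<port>: update '<zone>/IN' denied"); not real log data.
SAMPLE_LOG = """\
Jul 30 20:35:20 mail named[792]: client 192.168.0.101#58026: update 'hprs.local/IN' denied
Jul 30 20:35:25 mail named[792]: client 192.168.0.101#58027: update 'hprs.local/IN' denied
Jul 30 20:36:02 mail named[792]: client 10.9.8.7#40001: update 'hprs.local/IN' denied
Jul 30 20:36:40 mail named[792]: client 192.168.0.120#51234: update '0.168.192.in-addr.arpa/IN' denied
Jul 30 20:37:00 mail named[792]: zone hprs.local/IN: sending notifies (serial 2015073001)
"""

# Constructed named.conf fragment modelled on the zone stanzas in the post.
# The reverse zone's ACL is deliberately narrower than the forward zone's.
SAMPLE_NAMED_CONF = """\
zone "hprs.local." IN {
    type master;
    allow-update { 192.168.0.0/24; 127.0.0.1; }; // local DHCP server
    file "/etc/samba/private/dns/hprs.local.zone";
    check-names ignore;
};

zone "0.168.192.in-addr.arpa" in {
    type master;
    allow-update { 127.0.0.1; };
    file "/etc/samba/private/dns/db.192.168.0";
};
"""

# BIND's "update denied" message as it appears in syslog.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"update '(?P<zone>[^/']+)/IN' denied"
)
# One zone stanza: name, optional class, then the body up to a closing "};"
# at the start of a line.
ZONE_RE = re.compile(
    r'zone\s+"(?P<zone>[^"]+)"\s+(?:in)?\s*\{(?P<body>.*?)\n\};',
    re.DOTALL | re.IGNORECASE,
)
ALLOW_UPDATE_RE = re.compile(r"allow-update\s*\{(?P<acl>[^}]*)\}")


def parse_denied_updates(log_text):
    """Return (client_ip, zone) for every 'update ... denied' line."""
    events = []
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            events.append((m.group("ip"), m.group("zone")))
    return events


def parse_allow_update(named_conf):
    """Map zone name (no trailing dot, lower-case) to its allow-update networks.

    Only plain address and prefix entries are handled; named ACLs or
    key-based entries would need BIND's own parser.
    """
    acls = {}
    for zm in ZONE_RE.finditer(named_conf):
        zone = zm.group("zone").rstrip(".").lower()
        nets = []
        am = ALLOW_UPDATE_RE.search(zm.group("body"))
        if am:
            for item in am.group("acl").split(";"):
                item = item.strip()
                if item:
                    nets.append(ipaddress.ip_network(item, strict=False))
        acls[zone] = nets
    return acls


def classify_denials(log_text, named_conf):
    """Count denied updates per (client, zone) and record whether the client
    address falls inside that zone's allow-update ACL."""
    acls = parse_allow_update(named_conf)
    report = {}
    for ip, zone in parse_denied_updates(log_text):
        key = (ip, zone.lower())
        if key not in report:
            addr = ipaddress.ip_address(ip)
            in_acl = any(addr in net for net in acls.get(key[1], []))
            report[key] = {"count": 0, "in_acl": in_acl}
        report[key]["count"] += 1
    return report


if __name__ == "__main__":
    for (ip, zone), info in classify_denials(SAMPLE_LOG, SAMPLE_NAMED_CONF).items():
        verdict = "inside ACL, check loaded zone config" if info["in_acl"] else "outside ACL"
        print(f"{ip:16} {zone:28} denied x{info['count']}  ({verdict})")
```

Point it at a real BIND log file and at the included named.conf by reading them in place of the two constructed strings; a sudden rise in denials from one client, or denials from an address no DHCP server or domain controller is supposed to use, is the signal worth acting on before widening the ACL.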
On 26/08/15 at 22:28, Rowland Penny wrote:
> Unless things have changed, DHCP doesn't work with the samba internal DNS server

Yes, it does, with some tweaking:

https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_domain_controller#DHCP

Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007