Hi All,

Well, after going in something of the Wrong Direction, I figure on starting over.

Now: Looking at the docs, ISTM that BIND_DLZ is kind of a PITA. So, being as I need the BIND (server also is the nameserver for the entire LAN), and the recommendation is to put the AD PDC in a sub-domain, anyway, I was thinking:

    Run BIND as normal, but bind it to only eth0

    Set up an eth0:0 (virtual interface), give it a different address, run Samba bound to that interface

    BIND would be the auth nameserver for example.com and delegate the samdom.example.com zone to the Samba DNS running on the second (virtual) interface

    Samba is the auth nameserver for samdom.example.com

Thoughts?

Thanks,
Jim

Hello Jim,

On 27.08.2015 at 21:49, Jim Seymour wrote:
> BIND would be the auth nameserver for example.com and delegate
> the samdom.example.com zone to the Samba DNS running on the second
> (virtual) interface
>
> Samba is the auth nameserver for samdom.example.com

If you're already having BIND running, you're just one step away from including the AD DNS domain as additional domain via DLZ.
https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9

What's wrong with that?

Regards,
Marc

On 27/08/15 20:49, Jim Seymour wrote:
> Hi All,
>
> Well, after going in something of the Wrong Direction, I figure on
> starting over.
>
> Now: Looking at the docs, ISTM that BIND_DLZ is kind of a PITA. So,
> being as I need the BIND (server also is the nameserver for the entire
> LAN), and the recommendation is to put the AD PDC in a sub-domain,
> anyway, I was thinking:
>
> Run BIND as normal, but bind it to only eth0
>
> Set up an eth0:0 (virtual interface), give it a different address,
> run Samba bound to that interface
>
> BIND would be the auth nameserver for example.com and delegate
> the samdom.example.com zone to the Samba DNS running on the second
> (virtual) interface
>
> Samba is the auth nameserver for samdom.example.com
>
> Thoughts?
>
> Thanks,
> Jim
>

No, please No, setting up bind dlz is not a PITA as you put it. You really need to run a DNS server that is authoritative for your samba domain and anything else is forwarded to another DNS server that knows about everything else, i.e. if a client asks for info about another domain member, your samba4 server would supply this via bind, if it asked for an internet site, your samba 4 DNS server would ask the forwarder and would then give this info to the client. This is a very simplistic way of putting it, but I'm sure you get the drift.

If there is something you don't understand about anything on the wiki, please ask, I will try to help you out and if the wiki proves to be unclear, I will then update the relevant wiki page.

If you are not wedded to ubuntu and are willing to use Debian instead, a user called Louis van Belle posts on here and he actually provides scripts to install a DC for you, you can find these scripts here:

https://secure.bazuin.nl/scripts/

Even if you don't want to use Debian and can read and understand a bash script, they may help you when/if you re-install.

Rowland

On 08/27/2015 04:18 PM, Marc Muehlfeld wrote:
> Hello Jim,
>
> On 27.08.2015 at 21:49, Jim Seymour wrote:
>> BIND would be the auth nameserver for example.com and delegate
>> the samdom.example.com zone to the Samba DNS running on the second
>> (virtual) interface
>>
>> Samba is the auth nameserver for samdom.example.com
> If you're already having BIND running, you're just one step away from
> including the AD DNS domain as additional domain via DLZ.
> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
>
> What's wrong with that?

It says:

    include "/usr/local/samba/private/named.conf";

This file does not exist on my sernet 4.2 installation. In fact, I do not have a /usr/local/samba directory.

On Thu, 27 Aug 2015 22:18:59 +0200 Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
> Hello Jim,

[snip]

> If you're already having BIND running, you're just one step away
> from including the AD DNS domain as additional domain via DLZ.
> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
>
> What's wrong with that?

Other than the fact that, when I added

    include "/var/lib/samba/private/named.conf";

to /etc/bind/named.conf (after editing the above file for BIND version), named segfault'd on start-up? Nothing at all ;)

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.

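The two messages above name different locations for the Samba-generated named.conf (/usr/local/samba/private and /var/lib/samba/private) and mention editing that file for the BIND version. The shell functions below are an added example, not posted by anyone in this thread: they locate the file among candidate directories and report whether exactly one DLZ database line is uncommented and matches a given BIND 9.8 or 9.9 version. The sample file and its module paths are constructed, modelled on the layout of the file Samba generates.

```shell
# Added example, not from the thread. Sample file contents are constructed.

# Print the first named.conf found under the candidate directories given.
find_samba_named_conf() {
    for dir in "$@"; do
        [ -f "$dir/named.conf" ] || continue
        printf '%s\n' "$dir/named.conf"; return 0
    done
    return 1
}

# Print the module path of every uncommented `database "dlopen ..."` line.
active_dlz_modules() {
    sed -n 's/^[[:space:]]*database[[:space:]]*"dlopen[[:space:]]*\([^"]*\)".*/\1/p' "$1"
}

# check_dlz CONF BIND_VERSION: print ok, mismatch, none, multiple or unsupported.
check_dlz() {
    case "$2" in
        9.8.*) want=dlz_bind9.so ;;
        9.9.*) want=dlz_bind9_9.so ;;
        *) echo unsupported; return 0 ;;
    esac
    mods=$(active_dlz_modules "$1")
    count=$(printf '%s\n' "$mods" | grep -c . || true)
    if [ "$count" -eq 0 ]; then echo none
    elif [ "$count" -gt 1 ]; then echo multiple
    elif [ "${mods##*/}" = "$want" ]; then echo ok
    else echo mismatch
    fi
}

# Write a constructed sample in the layout of the Samba-generated file.
write_sample() {
    cat > "$1/named.conf" <<'EOF'
dlz "AD DNS Zone" {
    # For BIND 9.8.0
    database "dlopen /usr/lib/samba/bind9/dlz_bind9.so";
    # For BIND 9.9.0
    # database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so";
};
EOF
}

root=$(mktemp -d)   # stand-in for / so nothing on the real system is touched
mkdir -p "$root/usr/local/samba/private" "$root/var/lib/samba/private"
write_sample "$root/var/lib/samba/private"
conf=$(find_samba_named_conf "$root/usr/local/samba/private" "$root/var/lib/samba/private")
echo "$conf: $(check_dlz "$conf" 9.9.5)"
```

On a real host, pass the actual candidate directories and the version reported by named -v; anything other than "ok" means the database lines need attention before BIND is restarted.
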
On Thu, 27 Aug 2015 21:23:48 +0100 Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

[snip]
>
> No, please No, setting up bind dlz is not a PITA as you put it.

Yes, actually, it is. In my opinion, of course.

> You
> really need to run a DNS server that is authoritative for your
> samba domain and anything else is forwarded to another DNS server
> that knows about everything else ...

[snip]

And that's what running BIND on, say, 192.168.0.1 on eth0, and Samba at 192.168.0.2 on eth0:0 would accomplish.

Samba has built-in DNS. Why do I need to go to the trouble of running *two* servers for BIND, bastardizing the BIND on one of them, when I can do everything I want in one?

I am *not* going to be running Samba on one server and everything else on another. This is Linux, not Windows. It can walk and chew gum at the same time ;)

[snip]
>
> If you are not wedded to ubuntu ...

[snip]

We've standardized on it.

> https://secure.bazuin.nl/scripts/
>
> Even if you don't want to use Debian and can read and understand a
> bash script, they may help you when/if you re-install.

I understand bash, and a good many other languages, as well. Thanks for the pointer. I'll take a look.

Regards,
Jim