On Fri, 2022-06-03 at 13:33 +0000, L.P.H. van Belle via samba wrote:
> Now, I don't know the folders on Fedora, I'm more a Debian guy,
> correct me where I'm wrong.

OK, he isn't using Fedora, he is using SUSE.

Rowland
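options {
        # The directory statement defines the name server's working directory
        directory "/var/lib/named";

        # enable DNSSEC validation
        #
        # If BIND logs error messages about the root key being expired, you
        # will need to update your keys. See https://www.isc.org/bind-keys
        #
        # The dnssec-enable option has been obsoleted and no longer has any effect.
        # DNSSEC responses are always enabled if signatures and other DNSSEC data are present.
        # dnssec-validation yes (default), indicates that a resolver
        # (a caching or caching-only name server) will attempt to validate
        # replies from DNSSEC enabled (signed) zones. To perform this task
        # the server also needs either a valid trusted-keys clause
        # (containing one or more trusted-anchors) or a managed-keys clause.
        # If you have problems with forwarders not returning signed responses,
        # set this to "no", but be aware that this may create security issues
        # so better switch to a forwarder which supports DNSSEC!
        #dnssec-validation auto;
        managed-keys-directory "/var/lib/named/dyn/";

        # Write dump and statistics file to the log subdirectory.  The
        # pathnames are relative to the chroot jail.
        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        # The forwarders record contains a list of servers to which queries
        # should be forwarded.  Enable this line and modify the IP address to
        # your provider's name server.  Up to three servers may be listed.
        #forwarders { 192.0.2.1; 192.0.2.2; };

        # Enable the next entry to prefer usage of the name server declared in
        # the forwarders section.
        #forward first;

        # The listen-on record contains a list of local network interfaces to
        # listen on.  Optionally the port can be specified.  Default is to
        # listen on all interfaces found on your system.  The default port is
        # 53.
        #listen-on port 53 { 127.0.0.1; };

        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces.  Allowed values are 'any' and 'none' or a list of
        # addresses.
        listen-on-v6 { any; };

        # The next three statements may be needed if a firewall stands between
        # the local server and the internet.
        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;

        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.
        # NOTE(review): with allow-query left at its default and listen-on-v6
        # set to 'any', every reachable host may query (and, by default,
        # recurse through) this server. If the machine is reachable from
        # outside the AD network, restrict allow-query / allow-recursion to
        # the local networks.
        #allow-query { 127.0.0.1; };

        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the zone data is changed.  Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.
        notify no;
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        include "/etc/named.d/forwarders.conf";
        # Keytab used for GSS-TSIG (Kerberos-authenticated) dynamic updates.
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
        minimal-responses yes;
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
#       # Log queries to a file limited to a size of 100 MB.
#       channel query_logging {
#               file "/var/log/named_querylog"
#                       versions 3 size 100M;
#               print-time yes;                 // timestamp log entries
#       };
#       category queries {
#               query_logging;
#       };
#
#       # Or log this kind alternatively to syslog.
#       channel syslog_queries {
#               syslog user;
#               severity info;
#       };
#       category queries { syslog_queries; };
#
#       # Log general name server errors to syslog.
#       channel syslog_errors {
#               syslog user;
#               severity error;
#       };
#       category default { syslog_errors; };
#
#       # Don't log lame server messages.
#       category lame-servers { null; };
#};

# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.
zone "." in {
        type hint;
        file "root.hint";
};
zone "localhost" in {
        type master;
        file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" in {
        type master;
        file "127.0.0.zone";
};

# Include the meta include file generated by createNamedConfInclude.  This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named
include "/etc/named.conf.include";

# Active logging: everything goes to syslog (the commented example block
# above is not in effect).
logging {
        category default { log_syslog; };
        channel log_syslog { syslog; };
};

# The AD domain zone is pulled as a secondary from 192.168.0.4.
zone "pukey" in {
        # NOTE(review): 'any' already matches every host, so 'localnets' adds
        # nothing here, and as written a full zone transfer (AXFR) of the AD
        # zone is available to any client that can reach port 53. Limit this
        # to the addresses of the real secondaries (or 'none' if this host
        # serves no secondaries) so the complete host list is not exposed.
        allow-transfer { any; localnets; };
        masters { 192.168.0.4; };
        file "slave/pukey";
        type slave;
};

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.
# NOTE(review): this dlz block is commented out, so the Samba AD zone is not
# served through the BIND9_DLZ module on this host; presumably the intent is
# that 192.168.0.4 holds the authoritative AD DNS and this server only
# mirrors it as the slave zone above — confirm, since the
# tkey-gssapi-keytab setting in options suggests DLZ was planned here.
# dlz "AD DNS Zone" {
#    # For BIND 9.16.x
#    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_16.so";
# };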
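[global]
        security = AUTO
        # NOTE(review): a single-label realm ('PUKEY') rather than a DNS
        # domain name is unusual for an AD DC; presumably it matches the
        # "pukey" zone served by BIND here, but worth confirming.
        realm = PUKEY
        log file = /var/log/samba/%m.log
        kerberos method = secrets and keytab
        client signing = yes
        map to guest = Never
        netbios name = SERENITY
        passdb backend = samba_dsdb
        server role = active directory domain controller
        workgroup = PUKEY-NT
        # 'dns' is not listed, so Samba's internal DNS server is not started;
        # DNS for the domain is expected to come from the external BIND.
        server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc
        # NOTE(review): 'min protocol = NT1' re-enables SMB1 and
        # 'ntlm auth = yes' permits NTLMv1 logons on the DC. Both lower the
        # authentication/transport baseline for every client of this domain;
        # keep them only while a specific legacy client still needs them and
        # drop them (Samba's defaults are stricter) once it is gone.
        min protocol = NT1
        ntlm auth = yes
        idmap_ldb:use rfc2307 = yes
        log level = 0

[netlogon]
        path = /var/locks/sysvol/pukey/scripts
        read only = No

[sysvol]
        path = /var/locks/sysvol
        read only = No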