Re: [Samba] HOWTO centOS 5.5 samba4 dns dynamic update/Replication
Dear all,

after the feedback, I have renewed this HOWTO with replication to a second Samba 4 PDC. We have 2 CentOS 5.5 servers on which we build a Samba4 forest with replication between the 2 servers. One host is called node1 and the second node2.

Step 1: On node1

Do not install the named coming with CentOS. This version cannot do DNS updates.

Install needs for samba:

    yum install libacl* libbb* gnutls* readline* python* gdb* autoconf*

Named installation. Here is a description of what to do:
http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/

The steps:

    yum -y install make gcc rpm-build libtool openssl-devel libcap-devel libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel mysql-devel krb5-devel xmlto

For named to compile correctly you need these 2 packages too:

    yum -y install curl*

You need python-dns-1.7.1-1.el5.noarch.rpm. You find it here:
download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noarch.rpm

Download it and run:

    rpm -ivh python-dns-1.7.1-1.el5.noarch.rpm

    cd /usr/src/redhat/SRPMS
    wget -c ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
    wget -c ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-conf-*.src.rpm
    rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm
    cd /usr/src/redhat/SPECS
    rpmbuild -ba ./bind.spec

The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or /usr/src/redhat/RPMS/x86_64/ depending on your arch.

    rpmbuild -ba ./dnssec-conf.spec

The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/.

    cd /usr/src/redhat/RPMS/*86*
    rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm ../noarch/dnssec-conf-1.21-*.noarch.rpm

Now bind is installed. The config file is /etc/named.conf. I disabled in options:

    //dnssec-enable yes;
    //dnssec-validation yes;
    //dnssec-lookaside . trust-anchor dlv.isc.org.;

because I did not need them.

To make bind work you have to add user named to the group named (to avoid this you can add the user named and group named before you compile named!!!).

Set the rights to make named work correctly:

    chmod 770 /etc/named.conf
    chmod 770 /etc/named.rfc1912.zones
    chown root:named /etc/named.conf
    chown named:named /etc/named.rfc1912.zones
    chmod -R 770 /var/named
    chown -R named:named /var/named
    chown named:named /etc/rndc.key
    chown named:named /var/run/named/

Now download and install samba (URL: http://wiki.samba.org/index.php/Samba4/HOWTO):

    mkdir samba4
    cd samba4
    rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ .
    cd source4
    ./autogen.sh
    ./configure.developer
    make
    make install

Samba4 is now installed in /usr/local/samba.

Provision it:

    cd /samba4/source4
    ./setup/provision --realm=samdom.example.com --domain=SAMDOM --adminpass=SOMEPASSWORD --server-role='domain controller'

In my case:

    ./setup/provision --realm=tuebingen.tst.loc --domain=TUEBINGEN --adminpass=SOMEPASSWORD --server-role='domain controller'

Now you need to add the PATH to root's .bash_profile in /root:

    PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin

"which samba" must answer: /usr/local/samba/sbin/samba

Now you must set the lib paths:

    echo /usr/local/samba/lib > /etc/ld.so.conf.d/samba4.conf

Then type:

    ldconfig

The next things to do (named should have read and write):

    cd /usr/local/samba/private
    chown named:named krb5.conf
    chown -R named:named /usr/local/samba/private/dns
    chown named:named named.conf
    chown named:named named.conf.update
    chown named:named dns.keytab
    cp krb5.conf /etc    # this will overwrite the original krb5.conf
    cd /etc/sysconfig
    vi named

There add these lines at the bottom:

    KEYTAB_FILE=/usr/local/samba/private/dns.keytab
    export KEYTAB_FILE

Now you must update your /etc/named.conf. Be sure to have it listen on an IP, not only 127.0.0.1. Here is mine:

    options {
        listen-on port 53 { 127.0.0.1; 192.168.134.27; };   # --- IP of the samba4 server
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; allyoursubnetshere; };      # --- do not forget to list your subnets here
        recursion yes;
        forwarders { 192.168.134.253; };                     # put here your first DNS if you have one
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/usr/local/samba/private/named.conf";   # samba4 link
    include "/etc/named.rfc1912.zones";

In your /etc/resolv.conf you have one single entry:

    nameserver localhost

Now you have to put in your globals in /usr/local/samba/etc/smb.conf:

    interfaces = eth0

Now:

    samba -i -M single

And you are done!!!

samba_dnsupdate --verbose will give you:

    [r...@node1 etc]#
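
A post-install check for the key material the HOWTO above hands to named, as an added example that is not part of the original post: it confirms that dns.keytab and rndc.key are owned by the named account, carry no permissions for "other", and that /etc/sysconfig/named sets KEYTAB_FILE. The function name, the optional root-prefix argument (for checking a staging tree) and the owner argument are assumptions of this example; it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example (not from the HOWTO): verify ownership and mode of the
# secrets named reads, plus the KEYTAB_FILE line in /etc/sysconfig/named.

# check_named_files [ROOT] [OWNER]
#   ROOT  - hypothetical prefix for a staging tree (default: empty, the live system)
#   OWNER - account expected to own the files (default: named)
# Prints one line per problem; returns 0 only if nothing was found.
check_named_files() {
    root=${1:-}
    named_user=${2:-named}
    keytab="$root/usr/local/samba/private/dns.keytab"
    problems=0

    # Both files hold keys: the Kerberos keytab and the rndc control key.
    for f in "$keytab" "$root/etc/rndc.key"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"; problems=$((problems + 1)); continue
        fi
        owner=$(stat -c %U "$f")
        mode=$(stat -c %a "$f")
        if [ "$owner" != "$named_user" ]; then
            echo "OWNER $f is $owner, expected $named_user"; problems=$((problems + 1))
        fi
        case $mode in
            *0) ;;    # last octal digit 0: no permissions for "other"
            *)  echo "MODE $f is $mode, world-accessible"; problems=$((problems + 1)) ;;
        esac
    done

    # The HOWTO sets and exports KEYTAB_FILE at the bottom of /etc/sysconfig/named.
    if ! grep -qx 'KEYTAB_FILE=/usr/local/samba/private/dns.keytab' \
            "$root/etc/sysconfig/named" 2>/dev/null; then
        echo "KEYTAB_FILE not set in $root/etc/sysconfig/named"; problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Run `check_named_files` with no arguments on the server itself; a non-zero exit status means at least one line of findings was printed.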
Re: [Samba] HOWTO centOS 5.5 samba4 dns dynamic update
On Mon, Jul 26, 2010 at 5:34 AM, Daniel Müller muel...@tropenklinik.de wrote:
> For all,
> after I had several problems making samba4 work as it should on CentOS 5.5, here is a short guide to setting it up to work.
> First of all do not install the bind package coming with CentOS 5.5!!
> Install needs for samba

Let me slow you down here. While your guide is useful, there are a couple of important things you're not doing.

* You're building this as a root user. Never do this: configure your $HOME/.rpmmacros to set your rpm build directories to include something like this:

      %_topdir /home/username/rpm

* SRPM's can be rebuilt with the command "rpmbuild --rebuild filename.src.rpm", which also cleans up the mess in your BUILD and SOURCES and SPECS subdirectories left behind.

* Recent Fedora RPM's remain an issue to grab on the current CentOS and RHEL releases, due to the recent change in checksum tools. Replacing RHEL published components with recent Fedora ones is... a potential compatibility risk.

* Instead of manually installing Samba and losing all that RPM component information, why not review the SRPM's at http://ftp.sernet.de/pub/samba/3.5/rhel/5/? It's a valuable resource for leading edge Samba RPM's, and you can rebuild Samba cleanly from them to install as RPM's, even if you don't care to use the RPM's there directly. That will report all your build requirements as well, and save deducing them manually. And it gets you away from replacing bind.

* I love configuring and using mock to build my RPM's, to prevent changes in my development machine's libraries from skewing my builds of important software like Samba.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
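
The per-user build tree recommended in the reply above, as an added example that is not part of the thread: it refuses to run as root, creates the rpmbuild directories under a user-owned %_topdir, and rewrites ~/.rpmmacros without duplicating the macro. The function names and the BUILD_UID override (used only to exercise the root check) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): build RPMs from a per-user tree, never as root.

# setup_rpm_topdir [TOPDIR] [MACROS]
#   TOPDIR - build tree to create (default: $HOME/rpm)
#   MACROS - rpm macro file to update (default: $HOME/.rpmmacros)
setup_rpm_topdir() {
    topdir=${1:-"$HOME/rpm"}
    macros=${2:-"$HOME/.rpmmacros"}
    uid=${BUILD_UID:-$(id -u)}    # BUILD_UID is a hypothetical override for testing

    if [ "$uid" -eq 0 ]; then
        echo "refusing to set up an RPM build tree as root" >&2
        return 1
    fi

    # The standard rpmbuild subdirectories, all owned by the calling user.
    for d in BUILD RPMS SOURCES SPECS SRPMS; do
        mkdir -p "$topdir/$d" || return 1
    done

    # Drop any earlier %_topdir line, then write the new one.
    touch "$macros"
    sed '/^%_topdir[[:space:]]/d' "$macros" > "$macros.tmp"
    printf '%%_topdir %s\n' "$topdir" >> "$macros.tmp"
    mv "$macros.tmp" "$macros"
}

# rebuild_srpm FILE.src.rpm
#   Rebuilds one source RPM into the %_topdir configured above.
rebuild_srpm() {
    if [ "${BUILD_UID:-$(id -u)}" -eq 0 ]; then
        echo "do not rebuild SRPMs as root" >&2
        return 1
    fi
    [ -r "$1" ] || { echo "cannot read SRPM: $1" >&2; return 1; }
    rpmbuild --rebuild "$1"
}
```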
Re: [Samba] HOWTO centOS 5.5 samba4 dns dynamic update
This is a guide to test the functions of Samba4 (nothing to do with Samba 3.X) on CentOS 5.5, nothing else.

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
E-mail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: Nico Kadel-Garcia [mailto:nka...@gmail.com]
Sent: Monday, 26 July 2010 14:05
To: muel...@tropenklinik.de
Cc: samba@lists.samba.org
Subject: Re: [Samba] HOWTO centOS 5.5 samba4 dns dynamic update

> On Mon, Jul 26, 2010 at 5:34 AM, Daniel Müller muel...@tropenklinik.de wrote:
> > For all,
> > after I had several problems making samba4 work as it should on CentOS 5.5, here is a short guide to setting it up to work.
> > First of all do not install the bind package coming with CentOS 5.5!!
> > Install needs for samba
>
> Let me slow you down here. While your guide is useful, there are a couple of important things you're not doing.
>
> * You're building this as a root user. Never do this: configure your $HOME/.rpmmacros to set your rpm build directories to include something like this:
>
>       %_topdir /home/username/rpm
>
> * SRPM's can be rebuilt with the command "rpmbuild --rebuild filename.src.rpm", which also cleans up the mess in your BUILD and SOURCES and SPECS subdirectories left behind.
>
> * Recent Fedora RPM's remain an issue to grab on the current CentOS and RHEL releases, due to the recent change in checksum tools. Replacing RHEL published components with recent Fedora ones is... a potential compatibility risk.
>
> * Instead of manually installing Samba and losing all that RPM component information, why not review the SRPM's at http://ftp.sernet.de/pub/samba/3.5/rhel/5/? It's a valuable resource for leading edge Samba RPM's, and you can rebuild Samba cleanly from them to install as RPM's, even if you don't care to use the RPM's there directly. That will report all your build requirements as well, and save deducing them manually. And it gets you away from replacing bind.
>
> * I love configuring and using mock to build my RPM's, to prevent changes in my development machine's libraries from skewing my builds of important software like Samba.