Re: [Gutl-l] Problema con la configuración del DNS e n Samba 4 alpha 13

felix Tue, 19 Oct 2010 08:01:07 -0700

En el sitio http://wiki.samba.org/index.php/Samba4/HOWTO explican sobre el
DNS lo siguiente:


The simplest way to get a working DNS setup for Samba4 is to start with
the DNS zone and configuration files that are created by the 'provision'
step above. If you look in /usr/local/samba/private directory, you'll find
a file called 'named.conf' and another one called samdom.example.com.zone
(adjusted for your real DNS domain name of course!).

Assuming your have a bind9 DNS server installed, you can activate the
configuration that the provision has created by adding a line like this to
/etc/bind/named.conf.local:

 include "/usr/local/samba/private/named.conf";

After adding that line you should restart your bind server and check in
the system logs for any problems.

Saludos.


> Saludos a todos.
>
> Estoy cacharreando el alpha 13, como lo he hecho ya con los anteriores,
> a ver quÃ© tiene de nuevo.
>
> Me he encontrado que interactÃºa con el DNS de una forma mÃ¡s actualizada,
> y (como era de esperar) que me quedado perdido.
>
> Versiones anteriores, como por ejemplo el alpha 8 (cito de memoria, tal
> vez el 10 o el 11 lo hicieran tambiÃ©n), generaban mediante el script
> provision.pl una informaciÃ³n de zona para aÃ±adirle al DNS que estuviera
> funcionando en el Ã¡mbito. Algo como:
>
> ; -*- zone -*-
> ; generated by provision.pl
> $ORIGIN dominio.co.cu.
> $TTL 1W
> @               IN SOA  @   hostmaster (
>                                 2007121818   ; serial
>                                 2D              ; refresh
>                                 4H              ; retry
>                                 6W              ; expiry
>                                 1W )            ; minimum
>                       IN NS   servidor
>                       IN A    192.168.0.8
> ;
>
> servidor              IN A    192.168.0.8
> 72adddc9-ae48-47a3-9937-0609c662c53df._msdcs  IN CNAME servidor
> ;
> ; global catalog servers
> _gc._tcp              IN SRV 0 100 3268       servidor
> _ldap._tcp.gc._msdcs  IN SRV 0 100 389        servidor
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs   IN SRV 0 100 389
> servidor
> ;
> ; ldap servers
> _ldap._tcp            IN SRV 0 100 389        servidor
> _ldap._tcp.dc._msdcs  IN SRV 0 100 389        servidor
> _ldap._tcp.pdc._msdcs IN SRV 0 100 389        servidor
> _ldap._tcp.ad008960-df36-45e7-8501-88fd48acb494.domains._msdcs                
> IN SRV 0
> 100 389 servidor
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs   IN SRV 0 100 389
> servidor
> ;
> ; krb5 servers
> _kerberos._tcp                IN SRV 0 100 88         servidor
> _kerberos._tcp.dc._msdcs      IN SRV 0 100 88 servidor
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs       IN SRV 0 100 88
> servidor
> _kerberos._udp                IN SRV 0 100 88         servidor
> ; MIT kpasswd likes to lookup this name on password change
> _kerberos-master._tcp         IN SRV 0 100 88         servidor
> _kerberos-master._udp         IN SRV 0 100 88         servidor
> ;
> ; kpasswd
> _kpasswd._tcp         IN SRV 0 100 464        servidor
> _kpasswd._udp         IN SRV 0 100 464        servidor
> ;
> ; heimdal 'find realm for host' hack
> _kerberos             IN TXT  dominio.co.cu
>
>
> AÃ±adiendo eso al DNS el Samba 4 me funcionaba perfectamente.
>
> Ahora el alpha 13 aprovecha la posibilidad de usar en BIND 9.x el
> update_policy:
>
> (esta es la propuesta que hace el alpha 13)
>
>
>
> # This file should be included in your main BIND configuration file
> #
> # For example with
> # include "${NAMED_CONF}";
>
> zone "${DNSDOMAIN}." IN {
>       type master;
>       file "${ZONE_FILE}";
>       /*
>        * the list of principals and what they can change is created
>        * dynamically by Samba, based on the membership of the domain
> controllers
>        * group. The provision just creates this file as an empty file.
>        */
>       include "${NAMED_CONF_UPDATE}";
>
>       /* we need to use check-names ignore so _msdcs A records can be created
> */
>       check-names ignore;
> };
>
> # The reverse zone configuration is optional.  The following example
> assumes a
> # subnet of 192.168.0.0/24:
>
>
> zone "0.168.192.in-addr.arpa" in {
>       type master;
>       file "0.168.192.in-addr.arpa.zone";
>       update-policy {
>               grant ${REALM_WC} wildcard *.0.168.192.in-addr.arpa. PTR;
>       };
> };
>
>
> # Note that the reverse zone file is not created during the provision
> process.
>
> # The most recent BIND versions (9.5.0a5 or later) support secure GSS-TSIG
> # updates.  If you are running an earlier version of BIND, or if you do
> not wish
> # to use secure GSS-TSIG updates, you may remove the update-policy
> sections in
> # both examples above.
>
>
>
> La lÃnea grant ${REALM_WC} wildcard me tiene confuso. No sÃ© realmente
> quÃ© poner ahÃ, y
> en consecuencia cuando lanzo al Samba 4 con, por ejemplo, ./samba -i -M
> single
> se queja:
>
>
>
> servidor:/etc/bind# servidor:/usr/local/samba/sbin# ./samba -i -M single
> samba version 4.0.0alpha13 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2010
> samba: using 'single' process model
> FIXME: Using new system session for hdb
> /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
> /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/local/samba/sbin/samba_dnsupdate", line 276, in <module>
> /usr/local/samba/sbin/samba_dnsupdate:     if not check_dns_name(d):
> /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/local/samba/sbin/samba_dnsupdate", line 161, in check_dns_name
> /usr/local/samba/sbin/samba_dnsupdate:     ans =
> resolver.query(normalised_name, d.type)
> /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py",
> line 733, in query
> /usr/local/samba/sbin/samba_dnsupdate:     return
> get_default_resolver().query(qname, rdtype, rdclass, tcp, source)
> /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py",
> line 673, in query
> /usr/local/samba/sbin/samba_dnsupdate:     answer = Answer(qname, rdtype,
> rdclass, response)
> /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py",
> line 121, in __init__
> /usr/local/samba/sbin/samba_dnsupdate:     raise NoAnswer
> /usr/local/samba/sbin/samba_dnsupdate: dns.resolver.NoAnswer
> ../dsdb/dns/dns_update.c:249: Failed DNS update - NT_STATUS_ACCESS_DENIED
> Testing kcctpl_create_intersite_connections
>
>
>
> Una consulta al servidor con
>
> servidor:/home/alberto# net --server 192.168.0.8
> -Uadministrator%Contrasena1 ads lookup kdc
>
> Me responde:
>
> desarrollo:/home/alberto# net --server 192.168.0.8
> -Uadministrator%Contrasena1 ads lookup kdc
> Information for Domain Controller: 192.168.0.8
>
> Response Type: SAMLOGON
> GUID: 72adddc9-ae48-47a3-9937-0609c662c53d
> Flags:
>         Is a PDC:                                   yes
>         Is a GC of the forest:                      yes
>         Is an LDAP server:                          yes
>       Supports DS:                                yes
>       Is running a KDC:                           yes
>       Is running time services:                   yes
>       Is the closest DC:                          yes
>       Is writable:                                yes
>       Has a hardware clock:                       yes
>       Is a non-domain NC serviced by LDAP server: no
> Forest:                       dominio.co.cu
> Domain:                       dominio.co.cu
> Domain Controller:    servidor.dominio.co.cu
> Pre-Win2k Domain:     PART-LAN
> Pre-Win2k Hostname:   \\SERVIDOR
> Server Site Name :            Default-First-Site-Name
> Client Site Name :            Default-First-Site-Name
> NT Version: 5
> LMNT Token: ffff
> LM20 Token: ffff
>
>
> Pero la consulta:
>
> servidor:/home/alberto# net --server 192.168.0.8
> -Uadministrator%Contrasena1 ads user info administrator
>
> falla con:
>
> [2010/10/19 09:03:17,  0] libads/kerberos.c:ads_kinit_password(356)
>   kerberos_kinit_password administra...@dominio.co.cu failed: Cannot
> resolve network address for KDC in requested realm
> [2010/10/19 09:03:17,  0] libads/kerberos.c:ads_kinit_password(356)
>   kerberos_kinit_password administra...@dominio.co.cu failed: Cannot
> resolve network address for KDC in requested realm
>
>
> Estoy necesitado de un buen consejo.... ;-)
> --
> MSc. Alberto GarcÃa Fumero
> Usuario Linux 97 318
> Las autoridades sanitarias advierten:
> El uso prolongado de Windows puede provocar dependencia
>
>
> --
> Este mensaje ha sido analizado por MailScanner en Partagas
> en busca de virus y otros contenidos peligrosos,
> y se considera que está limpio.
>
>
> ______________________________________________________________________
> Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
> Gutl-l@jovenclub.cu
> http://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l
>



______________________________________________________________________
Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
http://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l

Re: [Gutl-l] Problema con la configuración del DNS e n Samba 4 alpha 13

Responder a