En el sitio http://wiki.samba.org/index.php/Samba4/HOWTO explican sobre el DNS lo siguiente:
The simplest way to get a working DNS setup for Samba4 is to start with the DNS zone and configuration files that are created by the 'provision' step above. If you look in /usr/local/samba/private directory, you'll find a file called 'named.conf' and another one called samdom.example.com.zone (adjusted for your real DNS domain name of course!). Assuming your have a bind9 DNS server installed, you can activate the configuration that the provision has created by adding a line like this to /etc/bind/named.conf.local: include "/usr/local/samba/private/named.conf"; After adding that line you should restart your bind server and check in the system logs for any problems. Saludos. > Saludos a todos. > > Estoy cacharreando el alpha 13, como lo he hecho ya con los anteriores, > a ver qué tiene de nuevo. > > Me he encontrado que interactúa con el DNS de una forma más actualizada, > y (como era de esperar) que me quedado perdido. > > Versiones anteriores, como por ejemplo el alpha 8 (cito de memoria, tal > vez el 10 o el 11 lo hicieran también), generaban mediante el script > provision.pl una información de zona para añadirle al DNS que estuviera > funcionando en el ámbito. Algo como: > > ; -*- zone -*- > ; generated by provision.pl > $ORIGIN dominio.co.cu. > $TTL 1W > @ IN SOA @ hostmaster ( > 2007121818 ; serial > 2D ; refresh > 4H ; retry > 6W ; expiry > 1W ) ; minimum > IN NS servidor > IN A 192.168.0.8 > ; > > servidor IN A 192.168.0.8 > 72adddc9-ae48-47a3-9937-0609c662c53df._msdcs IN CNAME servidor > ; > ; global catalog servers > _gc._tcp IN SRV 0 100 3268 servidor > _ldap._tcp.gc._msdcs IN SRV 0 100 389 servidor > _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 389 > servidor > ; > ; ldap servers > _ldap._tcp IN SRV 0 100 389 servidor > _ldap._tcp.dc._msdcs IN SRV 0 100 389 servidor > _ldap._tcp.pdc._msdcs IN SRV 0 100 389 servidor > _ldap._tcp.ad008960-df36-45e7-8501-88fd48acb494.domains._msdcs > IN SRV 0 > 100 389 servidor > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 > servidor > ; > ; krb5 servers > _kerberos._tcp IN SRV 0 100 88 servidor > _kerberos._tcp.dc._msdcs IN SRV 0 100 88 servidor > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 > servidor > _kerberos._udp IN SRV 0 100 88 servidor > ; MIT kpasswd likes to lookup this name on password change > _kerberos-master._tcp IN SRV 0 100 88 servidor > _kerberos-master._udp IN SRV 0 100 88 servidor > ; > ; kpasswd > _kpasswd._tcp IN SRV 0 100 464 servidor > _kpasswd._udp IN SRV 0 100 464 servidor > ; > ; heimdal 'find realm for host' hack > _kerberos IN TXT dominio.co.cu > > > Añadiendo eso al DNS el Samba 4 me funcionaba perfectamente. > > Ahora el alpha 13 aprovecha la posibilidad de usar en BIND 9.x el > update_policy: > > (esta es la propuesta que hace el alpha 13) > > > > # This file should be included in your main BIND configuration file > # > # For example with > # include "${NAMED_CONF}"; > > zone "${DNSDOMAIN}." IN { > type master; > file "${ZONE_FILE}"; > /* > * the list of principals and what they can change is created > * dynamically by Samba, based on the membership of the domain > controllers > * group. The provision just creates this file as an empty file. > */ > include "${NAMED_CONF_UPDATE}"; > > /* we need to use check-names ignore so _msdcs A records can be created > */ > check-names ignore; > }; > > # The reverse zone configuration is optional. The following example > assumes a > # subnet of 192.168.0.0/24: > > > zone "0.168.192.in-addr.arpa" in { > type master; > file "0.168.192.in-addr.arpa.zone"; > update-policy { > grant ${REALM_WC} wildcard *.0.168.192.in-addr.arpa. PTR; > }; > }; > > > # Note that the reverse zone file is not created during the provision > process. > > # The most recent BIND versions (9.5.0a5 or later) support secure GSS-TSIG > # updates. If you are running an earlier version of BIND, or if you do > not wish > # to use secure GSS-TSIG updates, you may remove the update-policy > sections in > # both examples above. > > > > La lÃnea grant ${REALM_WC} wildcard me tiene confuso. No sé realmente > qué poner ahÃ, y > en consecuencia cuando lanzo al Samba 4 con, por ejemplo, ./samba -i -M > single > se queja: > > > > servidor:/etc/bind# servidor:/usr/local/samba/sbin# ./samba -i -M single > samba version 4.0.0alpha13 started. > Copyright Andrew Tridgell and the Samba Team 1992-2010 > samba: using 'single' process model > FIXME: Using new system session for hdb > /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last): > /usr/local/samba/sbin/samba_dnsupdate: File > "/usr/local/samba/sbin/samba_dnsupdate", line 276, in <module> > /usr/local/samba/sbin/samba_dnsupdate: if not check_dns_name(d): > /usr/local/samba/sbin/samba_dnsupdate: File > "/usr/local/samba/sbin/samba_dnsupdate", line 161, in check_dns_name > /usr/local/samba/sbin/samba_dnsupdate: ans = > resolver.query(normalised_name, d.type) > /usr/local/samba/sbin/samba_dnsupdate: File > "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py", > line 733, in query > /usr/local/samba/sbin/samba_dnsupdate: return > get_default_resolver().query(qname, rdtype, rdclass, tcp, source) > /usr/local/samba/sbin/samba_dnsupdate: File > "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py", > line 673, in query > /usr/local/samba/sbin/samba_dnsupdate: answer = Answer(qname, rdtype, > rdclass, response) > /usr/local/samba/sbin/samba_dnsupdate: File > "/usr/local/samba/lib/python2.5/site-packages/samba/external/dns/resolver.py", > line 121, in __init__ > /usr/local/samba/sbin/samba_dnsupdate: raise NoAnswer > /usr/local/samba/sbin/samba_dnsupdate: dns.resolver.NoAnswer > ../dsdb/dns/dns_update.c:249: Failed DNS update - NT_STATUS_ACCESS_DENIED > Testing kcctpl_create_intersite_connections > > > > Una consulta al servidor con > > servidor:/home/alberto# net --server 192.168.0.8 > -Uadministrator%Contrasena1 ads lookup kdc > > Me responde: > > desarrollo:/home/alberto# net --server 192.168.0.8 > -Uadministrator%Contrasena1 ads lookup kdc > Information for Domain Controller: 192.168.0.8 > > Response Type: SAMLOGON > GUID: 72adddc9-ae48-47a3-9937-0609c662c53d > Flags: > Is a PDC: yes > Is a GC of the forest: yes > Is an LDAP server: yes > Supports DS: yes > Is running a KDC: yes > Is running time services: yes > Is the closest DC: yes > Is writable: yes > Has a hardware clock: yes > Is a non-domain NC serviced by LDAP server: no > Forest: dominio.co.cu > Domain: dominio.co.cu > Domain Controller: servidor.dominio.co.cu > Pre-Win2k Domain: PART-LAN > Pre-Win2k Hostname: \\SERVIDOR > Server Site Name : Default-First-Site-Name > Client Site Name : Default-First-Site-Name > NT Version: 5 > LMNT Token: ffff > LM20 Token: ffff > > > Pero la consulta: > > servidor:/home/alberto# net --server 192.168.0.8 > -Uadministrator%Contrasena1 ads user info administrator > > falla con: > > [2010/10/19 09:03:17, 0] libads/kerberos.c:ads_kinit_password(356) > kerberos_kinit_password administra...@dominio.co.cu failed: Cannot > resolve network address for KDC in requested realm > [2010/10/19 09:03:17, 0] libads/kerberos.c:ads_kinit_password(356) > kerberos_kinit_password administra...@dominio.co.cu failed: Cannot > resolve network address for KDC in requested realm > > > Estoy necesitado de un buen consejo.... ;-) > -- > MSc. Alberto GarcÃa Fumero > Usuario Linux 97 318 > Las autoridades sanitarias advierten: > El uso prolongado de Windows puede provocar dependencia > > > -- > Este mensaje ha sido analizado por MailScanner en Partagas > en busca de virus y otros contenidos peligrosos, > y se considera que está limpio. > > > ______________________________________________________________________ > Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba. > Gutl-l@jovenclub.cu > http://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l > ______________________________________________________________________ Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba. Gutl-l@jovenclub.cu http://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l