Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 4

Previous Tutorials:

  1. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba
  2. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 2, Configuring OpenLDAP
  3. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 3, Configuring smbldap-tools & LDAP Account Manager


Setting Up the Dynamic DHCP & DNS Server
The dynamic DHCP and DNS servers work together to register each client's hostname and IP address, so every client can exchange data with the others using its NetBIOS name. The DNS setup also makes client-server authorization a lot easier, because each client's identity is already registered on the server.
Beware: in this tutorial the dynamic DHCP and DNS servers are configured by hand. Do not mix this process with the automatic setup in YaST | Network Services | DNS Server; combining both may break your dynamic DHCP and DNS configuration.
Preparation

  1. You should have the DHCP & DNS Server pattern installed. Please refer to the previous tutorial to check which packages and patterns should be installed.
  2. The dynamic DNS server needs a key, which dhcpd will use to sign the zone updates it sends. Use the following commands to generate it:

[code language='cpp']
cd /etc
genDDNSkey
[/code]
The default result is /etc/named.key. Keep it in the etc folder. If you are running named and dhcpd in chroot jail mode, you should also copy/move the file into the appropriate folders, i.e. "/var/lib/named/etc" and "/var/lib/dhcp/etc", because inside the jail those folders are what the daemons see as /etc.
Configuring Dynamic DHCP Server

  1. Edit "/etc/sysconfig/dhcpd" and change the line DHCPD_INTERFACE="" to look like this:
    [code language='cpp']
    DHCPD_INTERFACE="eth0"
    [/code]
    Note: replace eth0 with the id of the network card on which dhcpd should listen.
  2. Edit "/etc/dhcpd.conf" and replace its content with the following configuration. Don't forget to adjust the IP addresses and subnet to yours:
    [code language='cpp']
    # File with the key we shall use to securely update zone files
    ###########################################################
    include "/etc/named.keys";
    # Our server is the authority for this network
    #########################################################
    server-identifier server.vavai.net;
    authoritative;
    # Zone specification
    # (dhcpd matches zone blocks by DNS zone name; the blocks that actually
    # match our updates are the ones inside the subnet declaration below)
    ###########################################
    zone vavai.forward {
    primary 192.168.1.254;
    key DHCP_UPDATER;
    }
    zone vavai.reverse {
    primary 192.168.1.254;
    key DHCP_UPDATER;
    }
    # Various options
    ########################################
    default-lease-time 86400;
    max-lease-time 172800;
    option domain-name "vavai.net";
    option domain-name-servers 192.168.1.254;
    option netbios-name-servers 192.168.1.254;
    # the server performs the DNS updates itself; client requests to do so are ignored
    ignore client-updates;
    ddns-domainname "vavai.net";
    ddns-updates on;
    ddns-update-style interim;
    # Declaration of network properties ( range ... )
    #################################################
    subnet 192.168.1.0 netmask 255.255.255.0 {
    # adjust the pool so it excludes statically assigned addresses (the server's own among them)
    range dynamic-bootp 192.168.1.10 192.168.1.254;
    # updates go to the local named and are signed with the DHCP_UPDATER key
    zone vavai.net { primary 127.0.0.1; key DHCP_UPDATER; }
    zone 1.168.192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; }
    option subnet-mask 255.255.255.0;
    option routers 192.168.1.1;
    one-lease-per-client on;
    }
    [/code]

Configuring Dynamic DNS Server

  1. Edit "/etc/named.conf" and replace its content with the following configuration. Don't forget to replace the appropriate parts/settings with yours:
    [code language='cpp']
    # Include file with key
    #################################################
    include "/etc/named.keys";
    # Access Control Lists
    #################################################
    acl mynet {
    192.168.1.0/24;
    127.0.0.1;
    };
    # Various Options
    #################################################
    options {
    directory "/var/lib/named";
    allow-query { mynet; };
    forwarders { 192.168.1.1; };
    };
    # Misc zone declarations
    #################################################
    zone "localhost" in {
    type master;
    file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
    };
    zone "." in {
    type hint;
    file "root.hint";
    };
    # Forward vavai.net zone declaration
    #################################################
    zone "vavai.net" {
    type master;
    file "dyn/vavai.forward";
    # only updates signed with the DHCP_UPDATER key are accepted
    allow-update { key DHCP_UPDATER; };
    allow-transfer { mynet; };
    check-names ignore;
    };
    # Active Directory Declarations
    # (these zones accept unsigned updates from any address in mynet; use
    # "key DHCP_UPDATER" instead if only dhcpd needs to update them)
    #############################################
    zone "_tcp.vavai.net" IN {
    type master;
    file "dyn/_tcp.vavai.net.db";
    allow-update { mynet; };
    check-names ignore;
    };
    zone "_msdcs.vavai.net" IN {
    type master;
    file "dyn/_msdcs.vavai.net.db";
    allow-update { mynet; };
    check-names ignore;
    };
    zone "_sites.vavai.net" IN {
    type master;
    file "dyn/_sites.vavai.net.db";
    check-names ignore;
    allow-update { mynet; };
    };
    zone "_udp.vavai.net" IN {
    type master;
    file "dyn/_udp.vavai.net.db";
    check-names ignore;
    allow-update { mynet; };
    };
    # Reverse vavai.net zone declaration
    #################################################
    zone "1.168.192.in-addr.arpa" {
    type master;
    file "dyn/vavai.reverse";
    allow-update { key DHCP_UPDATER; };
    allow-transfer { mynet; };
    };
    [/code]
  2. Create a new folder "/var/lib/named/dyn". This folder will hold the zone files.
  3. Create a new file "/var/lib/named/dyn/vavai.forward" (replace vavai with your domain) with the following content:
    [code language='cpp']
    $ORIGIN .
    $TTL 5D
    vavai.net IN SOA server.vavai.net. root.vavai.net. (
    200524085 ; serial
    3H ; refresh
    1H ; retry
    1W ; expire
    5D ) ; minimum
    ; indented records have no owner name and so belong to vavai.net (the apex)
        NS server.vavai.net.
        A 192.168.1.104
    $ORIGIN vavai.net.
    $TTL 5D
    server A 192.168.1.104
    [/code]
  4. Create a new file "/var/lib/named/dyn/vavai.reverse" with the following content:
    [code language='cpp']
    $TTL 5D
    @ IN SOA server.vavai.net. root.vavai.net. (
    200524086 ; serial
    3H ; refresh
    1H ; retry
    1W ; expire
    5H ) ; minimum
    @ NS server.vavai.net.
    104 PTR server.vavai.net.
    [/code]
  5. Create a new file "/var/lib/named/dyn/_tcp.vavai.net.db" (this file will be used for Active Directory) with the following content:
    [code language='cpp']
    $ORIGIN .
    $TTL 432000 ; 5 days
    _tcp.vavai.net IN SOA server.vavai.net. root.vavai.net. (
    200524091 ; serial
    10800 ; refresh (3 hours)
    3600 ; retry (1 hour)
    604800 ; expire (1 week)
    432000 ; minimum (5 days)
    )
        IN NS server.vavai.net.
    $ORIGIN _tcp.vavai.net.
    $TTL 600 ; 10 mins
    _ldap._tcp.vavai.net. SRV 0 0 389 server.vavai.net.
    _kerberos._tcp.vavai.net. SRV 0 0 88 server.vavai.net.
    [/code]
  6. Create a new file "/var/lib/named/dyn/_udp.vavai.net.db" (this file will also be used for Active Directory) with the following content:
    [code language='cpp']
    $ORIGIN .
    $TTL 432000 ; 5 days
    _udp.vavai.net IN SOA server.vavai.net. root.vavai.net. (
    200524090 ; serial
    10800 ; refresh (3 hours)
    3600 ; retry (1 hour)
    604800 ; expire (1 week)
    432000 ; minimum (5 days)
    )
        IN NS server.vavai.net.
    $ORIGIN _udp.vavai.net.
    $TTL 600 ; 10 mins
    [/code]
  7. Create a new file "/var/lib/named/dyn/_sites.vavai.net.db" (this file will also be used for Active Directory) with the following content:
    [code language='cpp']
    $ORIGIN .
    $TTL 432000 ; 5 days
    _sites.vavai.net IN SOA server.vavai.net. root.vavai.net. (
    200524090 ; serial
    10800 ; refresh (3 hours)
    3600 ; retry (1 hour)
    604800 ; expire (1 week)
    432000 ; minimum (5 days)
    )
        IN NS server.vavai.net.
    $ORIGIN _sites.vavai.net.
    $TTL 600 ; 10 mins
    [/code]
  8. Create a new file "/var/lib/named/dyn/_msdcs.vavai.net.db" (this file will also be used for Active Directory) with the following content:
    [code language='cpp']
    $ORIGIN .
    $TTL 432000 ; 5 days
    _msdcs.vavai.net IN SOA server.vavai.net. root.vavai.net. (
    200524091 ; serial
    10800 ; refresh (3 hours)
    3600 ; retry (1 hour)
    604800 ; expire (1 week)
    432000 ; minimum (5 days)
    )
        IN NS server.vavai.net.
    $ORIGIN _msdcs.vavai.net.
    $TTL 600 ; 10 mins
    _ldap._tcp.dc._msdcs.vavai.net. SRV 0 0 389 server.vavai.net.
    _kerberos._tcp.dc._msdcs.vavai.net. SRV 0 0 88 server.vavai.net.
    [/code]
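The DHCP configuration and the DNS configuration above only work together if both reference the same key name that named.keys defines (DHCP_UPDATER), and the named.conf zones differ in who may update them: the forward and reverse zones accept only key-signed updates, while the Active Directory zones accept unsigned updates from any address in mynet. The script below is an added example, not part of the original tutorial: it reports key names that dhcpd.conf or named.conf reference but named.keys does not define, and lists zones whose allow-update is granted by address ACL rather than by key. The inline samples are constructed abridgements of the configuration shown above, and the secret is a placeholder.

```python
import re

# Constructed samples abridged from the tutorial's configuration; the secret
# below is a placeholder, not a real key generated by genDDNSkey.
NAMED_KEYS = 'key DHCP_UPDATER { algorithm hmac-md5; secret "PLACEHOLDER-NOT-A-REAL-KEY=="; };'
DHCPD_CONF = """
include "/etc/named.keys";
zone vavai.net. { primary 127.0.0.1; key DHCP_UPDATER; }
zone 1.168.192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; }
"""
NAMED_CONF = """
zone "vavai.net" { type master; file "dyn/vavai.forward";
  allow-update { key DHCP_UPDATER; }; allow-transfer { mynet; }; };
zone "_msdcs.vavai.net" IN { type master; file "dyn/_msdcs.vavai.net.db";
  allow-update { mynet; }; };
zone "1.168.192.in-addr.arpa" { type master; file "dyn/vavai.reverse";
  allow-update { key DHCP_UPDATER; }; };
"""

def defined_keys(named_keys):
    """Key names declared in named.keys, e.g. key DHCP_UPDATER { ... };"""
    return set(re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{', named_keys))

def referenced_keys(conf):
    """Key names used as `key NAME;` in dhcpd.conf zone blocks or named.conf ACLs."""
    return set(re.findall(r'\bkey\s+"?([\w.-]+)"?\s*;', conf))

def missing_keys(named_keys, *confs):
    """Keys a config references but named.keys never defines (the daemon refuses to start)."""
    referenced = set().union(*(referenced_keys(c) for c in confs))
    return referenced - defined_keys(named_keys)

def update_grants(named_conf):
    """Map each zone that has an allow-update clause to the body of that clause."""
    zone_re = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\};\s*(?=zone|$)', re.S)
    grants = {}
    for name, body in zone_re.findall(named_conf):
        clause = re.search(r'allow-update\s*\{([^}]*)\}', body)
        if clause:
            grants[name] = clause.group(1).strip()
    return grants

def unauthenticated_update_zones(named_conf):
    """Zones updatable by address match alone: any host in the ACL can rewrite them."""
    return sorted(z for z, g in update_grants(named_conf).items() if not g.startswith("key "))

if __name__ == "__main__":
    print("undefined keys:", missing_keys(NAMED_KEYS, DHCPD_CONF, NAMED_CONF) or "none")
    print("zones updatable without a key:", unauthenticated_update_zones(NAMED_CONF))
```

To run it against a real installation, read the three files (from the chroot copies if the daemons are jailed) into the three constants.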

We will reach the final setup in the next two tutorials. I'll continue with the next tutorial: Samba PDC + OpenLDAP on openSUSE 11.1 – Part 5, TESTING SAMBA, SERVICE LDAP & CONFIGURING CLIENT

20 thoughts on "Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 4"

  1. What are you referencing with the A record A 192.168.1.104 in the file /var/lib/named/dyn/vavai.forward?
    What is option routers 192.168.1.1; referring to in the file /etc/dhcpd.conf?

  3. I ran genDDNSkey and it generated /etc/named.keys, but when I restart the named service, I get this error:
    /etc/named.conf:3: open: /etc/named.keys: file not found
    skipped
    The file IS there and named accordingly.

  5. @Reason,
    Quote from my tutorial:
    Default result is /etc/named.key. Place it on etc folder. If you are using chroot jail mode, you should copy/move the file into appropriate folder, ie "/var/lib/named/etc" and "/var/lib/dhcp/etc"

  7. But the default result was not /etc/named.key but in fact /etc/named.keys, which is what /etc/named.conf is looking for.

  9. And does this mean that you must also update /etc/named.conf to reflect /var/lib/named/etc, because the config file *is* set to that very folder that named.keys is located in?

  10. No,
    Just keep named.conf as is, as shown above. Please keep in mind that it looks like you use a chroot jail for DNS, and in a chroot jail /var/lib/named/etc will act as /etc.
    Just copy your named.keys to /var/lib/named/etc and then start the named service.

  11. Ok. That worked! But now dhcpd cannot find named.keys. I have confirmed that it is in both directories. The dhcpd.conf has /etc/named.keys. Here is my error:
    Can't open /etc/named.keys: No such file or directory

  13. I just figured it out. dhcpd cannot run chrooted. You have to change the value DHCPD_RUN_CHROOTED="yes" in /etc/sysconfig/dhcpd to DHCPD_RUN_CHROOTED="no". This allowed it to run and start.

  14. Correction: I forgot to copy named.keys into the /var/lib/dhcp/etc folder. It can run chrooted without setting DHCPD_RUN_CHROOTED to no. My mistake.

  15. named fails to start (jail) and dhcpd has very strange behaviour.
    First
    Just for information, in case it is important for starting dhcpd and named:
    Sep 16 20:26:44 LINUX-SRV named[2417]: nss_ldap: could not search LDAP server - Server is unavailable
    Sep 16 20:26:44 LINUX-SRV named[2417]: nss_ldap: could not search LDAP server - Server is unavailable
    Secondly
    Both config files in /etc/sysconfig set parameters to start in the jail root
    but
    NAMED_CONF_INCLUDE_FILES=""
    DHCPD_CONF_INCLUDE_FILES=""
    1°) DHCPD
    ================
    To make dhcpd start:
    named.keys must be in both directories:
    "/etc/named.keys"
    "/var/lib/dhcp/etc/named.keys"
    and
    /etc/dhcpd.conf must contain:
    include "/etc/named.keys";
    (not --> include "/var/lib/dhcp/etc/named.keys"; because in that case it does not find the named.keys file: Can't open /var/lib/dhcp/etc/named.keys: No such file or directory)
    LINUX-SRV:~ # service dhcpd start
    Starting ISC DHCPv4 4.x Server [chroot] done
    LINUX-SRV:~ #
    2°) NAMED
    ================
    with this /etc/named.conf file:
    # Include file with key
    #################################################
    include "/etc/named.keys";
    include "/etc/named.conf.include"; (this file is empty)
    /var/log/messages:
    Sep 16 20:26:44 LINUX-SRV named[2418]: starting BIND 9.7.1 -t /var/lib/named -u named
    Sep 16 20:26:44 LINUX-SRV named[2418]: built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include/bind' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl' '--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2' '--with-dlz-mysql' '--with-dlz-ldap' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fno-strict-aliasing' 'LDFLAGS=-L/usr/lib'
    Sep 16 20:26:44 LINUX-SRV named[2418]: adjusted limit on open files from 8192 to 1048576
    Sep 16 20:26:44 LINUX-SRV named[2418]: found 1 CPU, using 1 worker thread
    Sep 16 20:26:44 LINUX-SRV named[2418]: using up to 4096 sockets
    Sep 16 20:26:44 LINUX-SRV named[2418]: loading configuration from '/etc/named.conf'
    Sep 16 20:26:44 LINUX-SRV named[2418]: /etc/named.conf:212: open: /etc/named.keys: permission denied
    Sep 16 20:26:44 LINUX-SRV named[2418]: loading configuration: permission denied
    Sep 16 20:26:44 LINUX-SRV named[2418]: exiting (due to fatal error)
    with this /etc/named.conf file:
    # Include file with key
    #################################################
    include "/var/lib/named/etc/named.keys";
    include "/etc/named.conf.include"; (this file is empty)
    /var/log/messages:
    Sep 16 21:11:35 LINUX-SRV named[6065]: starting BIND 9.7.1 -t /var/lib/named -u named
    Sep 16 21:11:35 LINUX-SRV named[6065]: built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include/bind' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl' '--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2' '--with-dlz-mysql' '--with-dlz-ldap' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fno-strict-aliasing' 'LDFLAGS=-L/usr/lib'
    Sep 16 21:11:35 LINUX-SRV named[6065]: adjusted limit on open files from 8192 to 1048576
    Sep 16 21:11:35 LINUX-SRV named[6065]: found 1 CPU, using 1 worker thread
    Sep 16 21:11:35 LINUX-SRV named[6065]: using up to 4096 sockets
    Sep 16 21:11:35 LINUX-SRV named[6065]: loading configuration from '/etc/named.conf'
    Sep 16 21:11:35 LINUX-SRV named[6065]: /etc/named.conf:212: open: /var/lib/named/etc/named.keys: file not found
    Sep 16 21:11:35 LINUX-SRV named[6065]: loading configuration: file not found
    Sep 16 21:11:35 LINUX-SRV named[6065]: exiting (due to fatal error)
    During startup, the daemon destroys "/var/lib/named/etc/named.keys"
    For the moment, I just want to start named and dhcpd.
    Thank you for your help
