Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 4

Previous tutorials:

  1. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba
  2. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 2, Configuring OpenLDAP
  3. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 3, Configuring smbldap-tools & LDAP Account Manager

Setting Up the Dynamic DHCP & DNS Server
The dynamic DHCP and DNS servers work together to register each client's hostname and IP address, so clients can exchange data using their NetBIOS names. Having every client registered in DNS also makes client-server authentication much easier, because each client's identity is already known to the server.

Beware: in this tutorial I configure the dynamic DHCP and DNS servers manually. Do not mix this with the automatic setup in YaST | Network Services | DNS Server; combining both can break your dynamic DHCP and DNS configuration.

Preparation

  1. You should have the DHCP and DNS server patterns installed. Please refer to the previous tutorials to check which packages and patterns should be installed.
  2. The dynamic DNS server needs a key (a TSIG key shared by named and dhcpd; it is referenced as DHCP_UPDATER in the configuration below). Use the following commands to generate it:
    cd /etc
    genDDNSkey

The default result is /etc/named.keys (the file both configurations below include); keep it in /etc. If named and dhcpd run in chroot jail mode (NAMED_RUN_CHROOTED and DHCPD_RUN_CHROOTED in /etc/sysconfig set to "yes"), also copy the file into the jails, i.e. /var/lib/named/etc and /var/lib/dhcp/etc, because inside the jail that directory is what the daemon sees as /etc. Keep the key file readable only by root and the daemon users: whoever holds it can rewrite your zones.

Configuring Dynamic DHCP Server

  1. Edit /etc/sysconfig/dhcpd and change the line DHCPD_INTERFACE="" to look like:
    DHCPD_INTERFACE="eth0"

    Note: replace eth0 with the name of the network interface dhcpd should listen on.

  2. Edit /etc/dhcpd.conf and replace its content with the following configuration. Don't forget to adjust the IP addresses and subnet to your network:
    # File with the key (TSIG) we use to securely update the zone files.
    # A chrooted dhcpd reads this as /var/lib/dhcp/etc/named.keys.
    ###########################################################
    include "/etc/named.keys";

    # Our server is authoritative for this network
    #########################################################
    server-identifier server.vavai.net;
    authoritative;

    # Zone specification: which name server receives the updates for each
    # zone. The names must be the real DNS zone names used in named.conf.
    ###########################################
    zone vavai.net {
        primary 192.168.1.254;
        key DHCP_UPDATER;
    }
    zone 1.168.192.in-addr.arpa. {
        primary 192.168.1.254;
        key DHCP_UPDATER;
    }

    # Various options
    ########################################
    default-lease-time 86400;
    max-lease-time 172800;

    option domain-name "vavai.net";
    option domain-name-servers 192.168.1.254;
    option netbios-name-servers 192.168.1.254;

    # The server registers the names itself; updates sent by clients are ignored
    ignore client-updates;
    ddns-domainname "vavai.net";
    ddns-updates on;
    ddns-update-style interim;

    # Declaration of network properties ( range ... )
    #################################################
    subnet 192.168.1.0 netmask 255.255.255.0 {
        # The pool ends below the server's own static 192.168.1.254 and
        # excludes the router at 192.168.1.1
        range dynamic-bootp 192.168.1.10 192.168.1.250;
        zone vavai.net { primary 127.0.0.1; key DHCP_UPDATER; }
        zone 1.168.192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; }
        option subnet-mask 255.255.255.0;
        option routers 192.168.1.1;
        one-lease-per-client on;
    }


Configuring Dynamic DNS Server

  1. Edit /etc/named.conf and replace its content with the following configuration. Don't forget to replace the zone names and addresses with yours:
    # Include file with the TSIG key (a chrooted named reads this as
    # /var/lib/named/etc/named.keys)
    #################################################
    include "/etc/named.keys";

    # Access Control Lists
    #################################################
    acl mynet {
        192.168.1.0/24;
        127.0.0.1;
    };

    # Various Options
    #################################################
    options {
        directory "/var/lib/named";
        allow-query { mynet; };
        forwarders { 192.168.1.1; };
    };

    # Misc zone declarations
    #################################################
    zone "localhost" in {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };

    zone "." in {
        type hint;
        file "root.hint";
    };

    # Forward vavai.net zone declaration
    #################################################
    zone "vavai.net" {
        type master;
        file "dyn/vavai.forward";
        # only updates signed with the DHCP_UPDATER key are accepted
        allow-update { key DHCP_UPDATER; };
        allow-transfer { mynet; };
        check-names ignore;
    };

    # Active Directory declarations (the zone files are created in steps 5-8).
    # These zones accept unsigned updates from any host in mynet, which is
    # weaker than the key-based rule above; drop allow-update here if nothing
    # needs to change these records dynamically.
    #############################################
    zone "_tcp.vavai.net" IN {
        type master;
        file "dyn/_tcp.vavai.net.db";
        allow-update { mynet; };
        check-names ignore;
    };

    zone "_msdcs.vavai.net" IN {
        type master;
        file "dyn/_msdcs.vavai.net.db";
        allow-update { mynet; };
        check-names ignore;
    };

    zone "_sites.vavai.net" IN {
        type master;
        file "dyn/_sites.vavai.net.db";
        check-names ignore;
        allow-update { mynet; };
    };

    zone "_udp.vavai.net" IN {
        type master;
        file "dyn/_udp.vavai.net.db";
        check-names ignore;
        allow-update { mynet; };
    };

    # Reverse vavai.net zone declaration
    #################################################
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "dyn/vavai.reverse";
        allow-update { key DHCP_UPDATER; };
        allow-transfer { mynet; };
    };
    
  2. Create a new folder /var/lib/named/dyn. This folder holds the dynamic zone files; named must be able to write to it, because it keeps a journal (.jnl) next to each dynamically updated zone file, so make sure the folder is owned by the user named runs as.
  3. Create a new file /var/lib/named/dyn/vavai.forward (replace vavai with your domain) with the following content:
    $ORIGIN .
    $TTL 5D
    vavai.net               IN SOA  server.vavai.net. root.vavai.net. (
    200524085  ; serial
    3H         ; refresh
    1H         ; retry
    1W         ; expire
    5D )       ; minimum
    
    NS      server.vavai.net.
    A       192.168.1.104
    
    $ORIGIN vavai.net.
    $TTL 5D
    server                      A      192.168.1.104
    
  4. Create a new file /var/lib/named/dyn/vavai.reverse with the following content:
    $TTL 5D
    @                      IN SOA  server.vavai.net. root.vavai.net. (
    200524086  ; serial
    3H         ; refresh
    1H         ; retry
    1W         ; expire
    5H )       ; minimum
    
    @                        NS      server.vavai.net.
    
    104                     PTR     server.vavai.net.
    
  5. Create a new file /var/lib/named/dyn/_tcp.vavai.net.db (this file is used for Active Directory) with the following content:
    $ORIGIN .
    $TTL 432000     ; 5 days
    _tcp.vavai.net               IN SOA  server.vavai.net. root.vavai.net. (
    200524091  ; serial
    10800      ; refresh (3 hours)
    3600       ; retry (1 hour)
    604800     ; expire (1 week)
    432000     ; minimum (5 days)
    )
    IN      NS      server.vavai.net.
    $ORIGIN _tcp.vavai.net.
    $TTL 600        ; 10 mins
    _ldap._tcp.vavai.net.        SRV     0 0 389 server.vavai.net.
    _kerberos._tcp.vavai.net.    SRV     0 0 88 server.vavai.net.
    
  6. Create a new file /var/lib/named/dyn/_udp.vavai.net.db (this file is also used for Active Directory) with the following content:
    $ORIGIN .
    $TTL 432000     ; 5 days
    _udp.vavai.net               IN SOA  server.vavai.net. root.vavai.net. (
    200524090  ; serial
    10800      ; refresh (3 hours)
    3600       ; retry (1 hour)
    604800     ; expire (1 week)
    432000     ; minimum (5 days)
    )
    IN      NS      server.vavai.net.
    $ORIGIN _udp.vavai.net.
    $TTL 600        ; 10 mins
    
  7. Create a new file /var/lib/named/dyn/_sites.vavai.net.db (this file is also used for Active Directory) with the following content:
    $ORIGIN .
    $TTL 432000     ; 5 days
    _sites.vavai.net               IN SOA  server.vavai.net. root.vavai.net. (
    200524090  ; serial
    10800      ; refresh (3 hours)
    3600       ; retry (1 hour)
    604800     ; expire (1 week)
    432000     ; minimum (5 days)
    )
    IN      NS      server.vavai.net.
    $ORIGIN _sites.vavai.net.
    $TTL 600        ; 10 mins
    
  8. Create a new file /var/lib/named/dyn/_msdcs.vavai.net.db (this file is also used for Active Directory) with the following content:
    $ORIGIN .
    $TTL 432000     ; 5 days
    _msdcs.vavai.net             IN SOA  server.vavai.net. root.vavai.net. (
    200524091  ; serial
    10800      ; refresh (3 hours)
    3600       ; retry (1 hour)
    604800     ; expire (1 week)
    432000     ; minimum (5 days)
    )
    IN      NS      server.vavai.net.
    $ORIGIN _msdcs.vavai.net.
    $TTL 600        ; 10 mins
    _ldap._tcp.dc._msdcs.vavai.net.      SRV 0 0 389 server.vavai.net.
    _kerberos._tcp.dc._msdcs.vavai.net.  SRV 0 0 88 server.vavai.net.
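
The comments below show the "file not found" error you get when named.keys is missing from one of the chroot jails. The following script is an added example, not part of the tutorial or of openSUSE: it reads the include, directory and file statements from named.conf and dhcpd.conf and checks that every referenced file exists where the (possibly chrooted) daemon will actually look for it. It assumes the paths contain no spaces and that each chroot argument (the hypothetical NAMED_ROOT / DHCP_ROOT) is the directory the daemon sees as /.

```sh
#!/bin/sh
# check_ddns_layout: verify that every file dhcpd.conf and named.conf refer to
# exists where the daemon will look for it. A chrooted daemon resolves the
# paths in its config under its jail, so the same include line points at
# /var/lib/named/etc/named.keys for named and /var/lib/dhcp/etc/named.keys
# for dhcpd. Hypothetical helper, not part of openSUSE or the tutorial.
#
# Usage: check_ddns_layout NAMED_ROOT DHCP_ROOT NAMED_CONF DHCPD_CONF
#   NAMED_ROOT / DHCP_ROOT: what the daemon sees as "/" ("" if not chrooted)
# Returns 0 when nothing is missing, 1 otherwise (each problem is printed).
# Assumes configuration paths contain no whitespace.

# Print the quoted value of every '<keyword> "value"' line in a config file.
conf_values() {  # $1 = config file, $2 = keyword (include, directory, file)
    sed -n "s/^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1"
}

check_ddns_layout() {
    named_root=$1 dhcp_root=$2 named_conf=$3 dhcpd_conf=$4
    missing=0
    # 1. The TSIG key file each daemon includes, seen through its own root.
    for inc in $(conf_values "$named_conf" include); do
        [ -f "$named_root$inc" ] ||
            { echo "named: $named_root$inc not found"; missing=$((missing + 1)); }
    done
    for inc in $(conf_values "$dhcpd_conf" include); do
        [ -f "$dhcp_root$inc" ] ||
            { echo "dhcpd: $dhcp_root$inc not found"; missing=$((missing + 1)); }
    done
    # 2. Every zone file in named.conf, relative to options { directory "..." }.
    dir=$(conf_values "$named_conf" directory)
    for zf in $(conf_values "$named_conf" file); do
        [ -f "$named_root$dir/$zf" ] ||
            { echo "named: zone file $named_root$dir/$zf not found"; missing=$((missing + 1)); }
    done
    [ "$missing" -eq 0 ]
}
```

On the tutorial's layout you would call it as check_ddns_layout /var/lib/named /var/lib/dhcp /etc/named.conf /etc/dhcpd.conf, then still run named-checkconf and named-checkzone for syntax.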
    

We will reach the final setup in the next two tutorials. I'll continue in the next tutorial: Samba PDC + OpenLDAP on openSUSE 11.1 – Part 5, TESTING SAMBA, SERVICE LDAP & CONFIGURING CLIENT


10 Responses for “Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 4”

  1. Reason says:

    What are you referencing with A record for A 192.168.1.104 in the file /var/lib/named/dyn/vavai.forward?

    What is option routers 192.168.1.1; referencing to in the file /etc/dhcpd.conf?

  2. Reason says:

    I ran genDDNSkey and it generated /etc/named.keys, but when I restart the named service I get an error of:

    /etc/named.conf:3: open: /etc/named.keys: file not found
    skipped

    The file IS there and named accordingly

  3. Vavai says:

    @Reason,

    Quote from my tutorial :

    Default result is /etc/named.key. Place it on etc folder. If you are using chroot jail mode, you should copy/move the file into appropriate folder, ie “/var/lib/named/etc” and “/var/lib/dhcp/etc”

  4. Reason says:

    But the default result was not /etc/named.key but in fact /etc/named.keys which is what the /etc/named.conf is looking for.

  5. Vavai says:

    Sorry, a typo.

    Actually, what I mean is that you must place named.keys in /var/lib/named/etc instead of /etc

  6. Reason says:

    And does this mean that you must also update /etc/named.conf to reflect /var/lib/named/etc because the config file *is* set to that very folder that named.keys is located in.

  7. Vavai says:

    No,

    Just keep named.conf as is, as shown above. Please keep in mind that it looks like you use a chroot jail for DNS, and in a chroot jail /var/lib/named/etc acts as /etc.

    Just copy your named.keys on /var/lib/named/etc and then start named service.

  8. Reason says:

    Ok. That worked! But now dhcpd cannot find named.keys. I have confirmed that it is in both directories. The dhcpd.conf has /etc/named.keys. Here is my error:

    Can’t open /etc/named.keys: No such file or directory

  9. Reason says:

    I just figured it out. dhcpd can not run chrooted. You have to change the value DHCPD_RUN_CHROOTED="yes" in /etc/sysconfig/dhcpd to DHCPD_RUN_CHROOTED="no". This allowed it to run and start.

  10. Reason says:

    Correction: I forget to copy named.keys into the /var/lib/dhcp/etc folder. It can run chrooted without setting DHCPD_RUN_CHROOTED to no. My mistake.


About Vavai

Masim Vavai Sugianto, Indonesian, male, 32 years old, born on 17 May 1976 in Bekasi, West Java, a small town near Jakarta, the main city of Indonesia, where he still lives. Founder of the Indonesian openSUSE and Zimbra communities; an adventure, travelling and book lover.


