Samba4 DNS

From Stadm

DNS Entries for PDC

  • file located at /usr/local/samba/private/dns_update_list
# this is a list of DNS entries which will be put into DNS using
# dynamic DNS update. It is processed by the samba_dnsupdate script
A                                                        ${DNSDOMAIN} $IP
A                                                        ${HOSTNAME} $IP
AAAA                                                     ${DNSDOMAIN} $IP
AAAA                                                     ${HOSTNAME} $IP

A                                                        gc._msdcs.${DNSFOREST} $IP
AAAA                                                     gc._msdcs.${DNSFOREST} $IP

CNAME ${NTDSGUID}._msdcs.${DNSFOREST}                    ${HOSTNAME}

SRV _kpasswd._tcp.${DNSDOMAIN}                           ${HOSTNAME} 464
SRV _kpasswd._udp.${DNSDOMAIN}                           ${HOSTNAME} 464

SRV _kerberos._tcp.${DNSDOMAIN}                          ${HOSTNAME} 88
SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN}                ${HOSTNAME} 88
SRV _kerberos._tcp.dc._msdcs.${DNSFOREST}                ${HOSTNAME} 88
SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN}           ${HOSTNAME} 88
SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88
SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88

SRV _kerberos._udp.${DNSDOMAIN}                          ${HOSTNAME} 88

SRV _ldap._tcp.${DNSDOMAIN}                              ${HOSTNAME} 389
SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN}                    ${HOSTNAME} 389
SRV _ldap._tcp.dc._msdcs.${DNSFOREST}                    ${HOSTNAME} 389
SRV _ldap._tcp.gc._msdcs.${DNSFOREST}                    ${HOSTNAME} 3268
SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}                   ${HOSTNAME} 389
SRV _ldap._tcp.pdc._msdcs.${DNSFOREST}                   ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN}               ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}     ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST}     ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST}     ${HOSTNAME} 3268
SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} 389


SRV _gc._tcp.${DNSFOREST}                                ${HOSTNAME} 3268
SRV _gc._tcp.${SITE}._sites.${DNSFOREST}                 ${HOSTNAME} 3268
  • there are duplicate entries for the PDC (maybe for a BDC as well): when the domain is the forest root, ${DNSDOMAIN} and ${DNSFOREST} expand to the same name, so the paired DNSDOMAIN/DNSFOREST lines above produce the same record twice
  • the values of ${DNSFOREST}, ${DNSDOMAIN}, ${DOMAINGUID}, ${HOSTNAME}, ${NTDSGUID}, ${SITE} can be found by putting a few print statements in samba_dnsupdate

Find Variables

  • patch for print statements to easily find variables
--- samba_dnsupdate	2014-06-04 15:58:59.324101278 -0700
+++ /root/scripts_samba/samba_dnsupdate	2014-06-04 15:41:38.683189142 -0700
@@ -271,17 +271,9 @@ def get_subst_vars(samdb):
     vars['HOSTNAME']  = samdb.host_dns_name()
     vars['NTDSGUID']  = samdb.get_ntds_GUID()
     vars['SITE']      = samdb.server_site_name()
-    if opts.verbose:
-        print "INFO: DNSDOMAIN is :: %s" % vars['DNSDOMAIN']
-        print "INFO: DNSFOREST is :: %s" % vars['DNSFOREST']
-        print "INFO: HOSTNAME is :: %s" % vars['HOSTNAME']
-        print "INFO: NTDSGUID is :: %s" % vars['NTDSGUID']
-        print "INFO: SITE is :: %s" % vars['SITE']
     res = samdb.search(base=samdb.get_default_basedn(), scope=SCOPE_BASE, attrs=["objectGUID"])
     guid = samdb.schema_format_value("objectGUID", res[0]['objectGUID'][0])
     vars['DOMAINGUID'] = guid
-    if opts.verbose:
-        print "INFO: DOMAINGUID is :: %s" % vars['DOMAINGUID']
     am_rodc = samdb.am_rodc()
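Review bot: the hunk is inverted relative to its stated purpose. `---` names the stock samba_dnsupdate and `+++` the copy under /root/scripts_samba, yet every print statement is a `-` line and the header shrinks the region from 17 lines to 9, so `patch` applied as written would strip the prints rather than add them; regenerate it as `diff -u` with the two paths in the other order, or apply it with `patch -R`. The statement form `print "INFO: DNSDOMAIN is :: %s" % vars['DNSDOMAIN']` also ties the patch to a Python 2 samba_dnsupdate; on a Python 3 build each line needs the function form, e.g. `print("INFO: DNSDOMAIN is :: %s" % vars['DNSDOMAIN'])`. Guarding the prints with the script's existing `opts.verbose` is a good choice, since normal (cron-driven) runs stay quiet.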
  • run the following to get just what you need
samba_dnsupdate --verbose | grep "INFO:"
  • this prints the values of the variables that go into the DNS names

Check all DNS entries (WIP)

#!/bin/bash
# Check that the records samba_dnsupdate should have registered actually
# resolve. Fill in the variables from `samba_dnsupdate --verbose | grep "INFO:"`.
DNSDOMAIN=
DNSFOREST=
HOSTNAME=
NTDSGUID=
SITE=
DOMAINGUID=

COMM="host -t"

# check TYPE NAME: print OK or MISSING in front of the resolver's own output,
# so the records that are absent stand out without reading every answer.
check() {
    local type=$1 name=$2 out
    if out=$($COMM "$type" "$name" 2>&1) && ! grep -q 'has no' <<<"$out"; then
        echo "OK      $type $name"
    else
        echo "MISSING $type $name :: $out"
    fi
}

# host and GC address records plus the NTDS GUID alias from dns_update_list
check A     "$DNSDOMAIN"
check A     "$HOSTNAME"
check A     "gc._msdcs.$DNSFOREST"
check CNAME "$NTDSGUID._msdcs.$DNSFOREST"

check SRV "_kpasswd._tcp.$DNSDOMAIN"
check SRV "_kpasswd._udp.$DNSDOMAIN"

check SRV "_kerberos._tcp.$DNSDOMAIN"
check SRV "_kerberos._tcp.dc._msdcs.$DNSDOMAIN"
check SRV "_kerberos._tcp.dc._msdcs.$DNSFOREST"
check SRV "_kerberos._tcp.$SITE._sites.$DNSDOMAIN"
check SRV "_kerberos._tcp.$SITE._sites.dc._msdcs.$DNSDOMAIN"
check SRV "_kerberos._tcp.$SITE._sites.dc._msdcs.$DNSFOREST"

check SRV "_kerberos._udp.$DNSDOMAIN"

check SRV "_ldap._tcp.$DNSDOMAIN"
check SRV "_ldap._tcp.dc._msdcs.$DNSDOMAIN"
check SRV "_ldap._tcp.dc._msdcs.$DNSFOREST"
check SRV "_ldap._tcp.gc._msdcs.$DNSFOREST"
check SRV "_ldap._tcp.pdc._msdcs.$DNSDOMAIN"
check SRV "_ldap._tcp.pdc._msdcs.$DNSFOREST"
check SRV "_ldap._tcp.$SITE._sites.$DNSDOMAIN"
check SRV "_ldap._tcp.$SITE._sites.dc._msdcs.$DNSDOMAIN"
check SRV "_ldap._tcp.$SITE._sites.dc._msdcs.$DNSFOREST"
check SRV "_ldap._tcp.$SITE._sites.gc._msdcs.$DNSFOREST"
check SRV "_ldap._tcp.$DOMAINGUID.domains._msdcs.$DNSFOREST"

check SRV "_gc._tcp.$DNSFOREST"
check SRV "_gc._tcp.$SITE._sites.$DNSFOREST"
  • running the script shows which entries are in DNS and which are not
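As an added example (not code from the Samba project or from this wiki), the following Python script does what the bash checker above does, but driven by the dns_update_list format shown at the top of the page: it parses the list, expands the ${VAR} placeholders with the values that samba_dnsupdate --verbose prints, drops the duplicates that arise when DNSDOMAIN and DNSFOREST are the same name, and reports each record as present or missing. The sample list, the variable values and the stub zone are constructed; the resolve callable is the hook where a real lookup (for instance dnspython's dns.resolver.resolve, mapped to rdata strings) would be plugged in.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed excerpt in the dns_update_list format (not the full file).
# The $IP placeholder is filled in by samba_dnsupdate itself.
SAMPLE_LIST = """\
# this is a list of DNS entries which will be put into DNS using
# dynamic DNS update. It is processed by the samba_dnsupdate script
A                                          ${DNSDOMAIN} $IP
A                                          ${HOSTNAME} $IP
CNAME ${NTDSGUID}._msdcs.${DNSFOREST}      ${HOSTNAME}
SRV _kerberos._tcp.${DNSDOMAIN}            ${HOSTNAME} 88
SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN}  ${HOSTNAME} 88
SRV _kerberos._tcp.dc._msdcs.${DNSFOREST}  ${HOSTNAME} 88
SRV _ldap._tcp.gc._msdcs.${DNSFOREST}      ${HOSTNAME} 3268
"""

# Constructed values standing in for the `INFO:` lines of samba_dnsupdate
# --verbose; the domain is the forest root, so DNSDOMAIN == DNSFOREST.
SAMPLE_VARS = {
    "DNSDOMAIN": "ad.example.test",
    "DNSFOREST": "ad.example.test",
    "HOSTNAME": "dc1.ad.example.test",
    "NTDSGUID": "11111111-2222-3333-4444-555555555555",
    "SITE": "Default-First-Site-Name",
    "DOMAINGUID": "66666666-7777-8888-9999-000000000000",
}


@dataclass(frozen=True)  # frozen => hashable, so duplicates can be collapsed
class Record:
    rtype: str
    name: str
    target: str
    port: Optional[int] = None


_VAR = re.compile(r"\$\{?([A-Z]+)\}?")


def substitute(text: str, variables: Dict[str, str]) -> str:
    """Expand ${VAR}/$VAR; names not in `variables` (such as $IP) stay as-is."""
    return _VAR.sub(lambda m: variables.get(m.group(1), m.group(0)), text)


def parse_update_list(text: str, variables: Dict[str, str]) -> List[Record]:
    """One Record per non-comment line: TYPE NAME TARGET [PORT]."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = substitute(line, variables).split()
        rtype, name, target = fields[0], fields[1], fields[2]
        port = int(fields[3]) if rtype == "SRV" else None
        records.append(Record(rtype, name, target, port))
    return records


# (rtype, name) -> rdata strings: "prio weight port target" for SRV,
# the target name for CNAME, addresses for A/AAAA; empty when absent.
Resolver = Callable[[str, str], List[str]]


def check_records(records: List[Record], resolve: Resolver) -> Dict[str, List[Record]]:
    """Split records into present/missing. SRV must match port and target,
    CNAME must point at the target, A/AAAA only need some address because
    the list carries the $IP placeholder rather than a concrete value."""
    report: Dict[str, List[Record]] = {"present": [], "missing": []}
    for rec in records:
        answers = resolve(rec.rtype, rec.name)
        if rec.rtype == "SRV":
            ok = any(tuple(a.split()[2:4]) == (str(rec.port), rec.target) for a in answers)
        elif rec.rtype == "CNAME":
            ok = rec.target in answers
        else:
            ok = bool(answers)
        report["present" if ok else "missing"].append(rec)
    return report


# Constructed stub zone standing in for real DNS: the GC LDAP record is absent.
STUB_ZONE = {
    ("A", "ad.example.test"): ["192.0.2.10"],
    ("A", "dc1.ad.example.test"): ["192.0.2.10"],
    ("CNAME", "11111111-2222-3333-4444-555555555555._msdcs.ad.example.test"): ["dc1.ad.example.test"],
    ("SRV", "_kerberos._tcp.ad.example.test"): ["0 100 88 dc1.ad.example.test"],
    ("SRV", "_kerberos._tcp.dc._msdcs.ad.example.test"): ["0 100 88 dc1.ad.example.test"],
}


def stub_resolve(rtype: str, name: str) -> List[str]:
    return STUB_ZONE.get((rtype, name), [])


def audit(text: str = SAMPLE_LIST, variables: Dict[str, str] = SAMPLE_VARS,
          resolve: Resolver = stub_resolve) -> Dict[str, List[Record]]:
    """Parse, drop the duplicates that DNSDOMAIN == DNSFOREST produces, then check."""
    unique = list(dict.fromkeys(parse_update_list(text, variables)))
    return check_records(unique, resolve)


if __name__ == "__main__":
    for status, recs in audit().items():
        for rec in recs:
            print(f"{status.upper():8} {rec.rtype:5} {rec.name}")
```

With the constructed data the seven lines collapse to six distinct records, five resolve and the `_ldap._tcp.gc._msdcs` SRV record is reported missing. Against a live DC, pass the real dns_update_list text and the values from the `INFO:` lines, and replace stub_resolve with a function that performs the actual query.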