Samba4 DNS
DNS Entries for PDC
- file located at /usr/local/samba/private/dns_update_list
    # this is a list of DNS entries which will be put into DNS using
    # dynamic DNS update. It is processed by the samba_dnsupdate script
    A     ${DNSDOMAIN} $IP
    A     ${HOSTNAME} $IP
    AAAA  ${DNSDOMAIN} $IP
    AAAA  ${HOSTNAME} $IP
    A     gc._msdcs.${DNSFOREST} $IP
    AAAA  gc._msdcs.${DNSFOREST} $IP
    CNAME ${NTDSGUID}._msdcs.${DNSFOREST} ${HOSTNAME}
    SRV   _kpasswd._tcp.${DNSDOMAIN} ${HOSTNAME} 464
    SRV   _kpasswd._udp.${DNSDOMAIN} ${HOSTNAME} 464
    SRV   _kerberos._tcp.${DNSDOMAIN} ${HOSTNAME} 88
    SRV   _kerberos._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88
    SRV   _kerberos._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88
    SRV   _kerberos._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 88
    SRV   _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88
    SRV   _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88
    SRV   _kerberos._udp.${DNSDOMAIN} ${HOSTNAME} 88
    SRV   _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389
    SRV   _ldap._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
    SRV   _ldap._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389
    SRV   _ldap._tcp.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268
    SRV   _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
    SRV   _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389
    SRV   _ldap._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 389
    SRV   _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
    SRV   _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389
    SRV   _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268
    SRV   _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} 389
    SRV   _gc._tcp.${DNSFOREST} ${HOSTNAME} 3268
    SRV   _gc._tcp.${SITE}._sites.${DNSFOREST} ${HOSTNAME} 3268
- there are duplicate entries for the PDC (maybe for the BDC as well)
- the values of ${DNSFOREST}, ${DNSDOMAIN}, ${DOMAINGUID}, ${HOSTNAME}, ${NTDSGUID} and ${SITE} can be found by putting a few print statements in samba_dnsupdate
Find Variables
- patch for print statements to easily find variables
--- samba_dnsupdate 2014-06-04 15:58:59.324101278 -0700 +++ /root/scripts_samba/samba_dnsupdate 2014-06-04 15:41:38.683189142 -0700 @@ -271,17 +271,9 @@ def get_subst_vars(samdb): vars['HOSTNAME'] = samdb.host_dns_name() vars['NTDSGUID'] = samdb.get_ntds_GUID() vars['SITE'] = samdb.server_site_name() - if opts.verbose: - print "INFO: DNSDOMAIN is :: %s" % vars['DNSDOMAIN'] - print "INFO: DNSFOREST is :: %s" % vars['DNSFOREST'] - print "INFO: HOSTNAME is :: %s" % vars['HOSTNAME'] - print "INFO: NTDSGUID is :: %s" % vars['NTDSGUID'] - print "INFO: SITE is :: %s" % vars['SITE'] res = samdb.search(base=samdb.get_default_basedn(), scope=SCOPE_BASE, attrs=["objectGUID"]) guid = samdb.schema_format_value("objectGUID", res[0]['objectGUID'][0]) vars['DOMAINGUID'] = guid - if opts.verbose: - print "INFO: DOMAINGUID is :: %s" % vars['DOMAINGUID'] am_rodc = samdb.am_rodc()
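Review bot: the `print` lines sit on the `-` side of this hunk (17 lines in samba_dnsupdate, 9 in /root/scripts_samba/samba_dnsupdate), so the diff was generated in the reverse direction and applying it as written removes the verbose output instead of adding it. Regenerate it with the copy that lacks the prints as the first file, or apply it with `patch -R`. Keeping every new print behind `opts.verbose` is the right call, since the values stay out of normal runs and only appear with `--verbose`.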
- run the following to get just what you need
    samba_dnsupdate --verbose | grep "INFO:"
- will spit out the variables needed to be added into DNS
Check all DNS entries (WIP)
    #!/bin/bash
    # fill in variables (values printed by: samba_dnsupdate --verbose | grep "INFO:")
    DNSDOMAIN=
    DNSFOREST=
    HOSTNAME=
    NTDSGUID=
    SITE=
    DOMAINGUID=
    # query each SRV record that dns_update_list registers
    COMM="host -t"
    $COMM SRV _kpasswd._tcp.${DNSDOMAIN}
    $COMM SRV _kpasswd._udp.${DNSDOMAIN}
    $COMM SRV _kerberos._tcp.${DNSDOMAIN}
    $COMM SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN}
    $COMM SRV _kerberos._tcp.dc._msdcs.${DNSFOREST}
    $COMM SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN}
    $COMM SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}
    $COMM SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST}
    $COMM SRV _kerberos._udp.${DNSDOMAIN}
    $COMM SRV _ldap._tcp.${DNSDOMAIN}
    $COMM SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN}
    $COMM SRV _ldap._tcp.dc._msdcs.${DNSFOREST}
    $COMM SRV _ldap._tcp.gc._msdcs.${DNSFOREST}
    $COMM SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}
    $COMM SRV _ldap._tcp.pdc._msdcs.${DNSFOREST}
    $COMM SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN}
    $COMM SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}
    $COMM SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST}
    $COMM SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST}
    $COMM SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST}
    $COMM SRV _gc._tcp.${DNSFOREST}
    $COMM SRV _gc._tcp.${SITE}._sites.${DNSFOREST}
- running the script will show you which entries are in DNS and which are not
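The same check can be driven from dns_update_list itself, so the A, AAAA and CNAME entries are covered as well and each SRV/CNAME answer is compared against this DC's host name and port. This is an added example, not part of the original page or of Samba; it goes beyond the WIP script above, the function names are made up for illustration, and it assumes `dig` is installed (the page's script uses `host`).

```shell
#!/bin/sh
# Added example, not the page's script. Assumes dig(1); the page uses host(1).
VARS="DNSDOMAIN DNSFOREST HOSTNAME NTDSGUID SITE DOMAINGUID"

# Reject empty or unexpected values: an empty DNSDOMAIN would turn
# "_ldap._tcp.${DNSDOMAIN}" into a lookup of "_ldap._tcp." without any error.
require_vars() {
    for v in $VARS; do
        eval "val=\${$v:-}"
        case "$val" in
            ''|*[!A-Za-z0-9._-]*) echo "unset or invalid: $v" >&2; return 1 ;;
        esac
    done
}

# stdin: dns_update_list; stdout: entries with ${VAR} placeholders filled in.
# Uses sed rather than eval so file content is never executed as shell.
expand_entries() {
    require_vars || return 1
    set --
    for v in $VARS; do
        eval "val=\$$v"
        set -- "$@" -e "s|[\$]{$v}|$val|g"
    done
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' | sed "$@"
}

# Resolver hook: prints rdata only, and nothing when the record is absent.
dns_query() { dig +short -t "$1" "$2" </dev/null; }

# stdin: expanded entries. Prints OK/MISSING per entry; non-zero if any missing.
# SRV and CNAME must also point at this DC (port and target), not just exist.
check_entries() {
    rc=0
    while read -r type name target port; do
        case "$type" in
            SRV)   want=" $port $target." ;;
            CNAME) want="$target." ;;
            *)     want="" ;;   # A/AAAA: any address counts ($IP is not expanded)
        esac
        want=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
        answer=$(dns_query "$type" "$name" | tr 'A-Z' 'a-z')
        case "$answer" in
            '')        echo "MISSING $type $name"; rc=1 ;;
            *"$want"*) echo "OK      $type $name" ;;
            *)         echo "MISSING $type $name"; rc=1 ;;
        esac
    done
    return $rc
}
```

After setting the six variables from the `samba_dnsupdate --verbose` output, run `expand_entries < /usr/local/samba/private/dns_update_list | check_entries`.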