Difference between revisions of "Samba4 DNS"
(Created page with "==DNS Entries for PDS== ==Find Variables== --- samba_dnsupdate 2014-06-04 15:58:59.324101278 -0700 +++ /root/scripts_samba/samba_dnsupdate 2014-06-04 15:41:38.683189142 -0...") |
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | ==DNS Entries for | + | ==DNS Entries for PDC== |
− | + | *file located at /usr/local/samba/private/dns_update_list | |
+ | # this is a list of DNS entries which will be put into DNS using | ||
+ | # dynamic DNS update. It is processed by the samba_dnsupdate script | ||
+ | A ${DNSDOMAIN} $IP | ||
+ | A ${HOSTNAME} $IP | ||
+ | AAAA ${DNSDOMAIN} $IP | ||
+ | AAAA ${HOSTNAME} $IP | ||
+ | |||
+ | A gc._msdcs.${DNSFOREST} $IP | ||
+ | AAAA gc._msdcs.${DNSFOREST} $IP | ||
+ | |||
+ | CNAME ${NTDSGUID}._msdcs.${DNSFOREST} ${HOSTNAME} | ||
+ | |||
+ | SRV _kpasswd._tcp.${DNSDOMAIN} ${HOSTNAME} 464 | ||
+ | SRV _kpasswd._udp.${DNSDOMAIN} ${HOSTNAME} 464 | ||
+ | |||
+ | SRV _kerberos._tcp.${DNSDOMAIN} ${HOSTNAME} 88 | ||
+ | SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88 | ||
+ | SRV _kerberos._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88 | ||
+ | SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 88 | ||
+ | SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88 | ||
+ | SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88 | ||
+ | |||
+ | SRV _kerberos._udp.${DNSDOMAIN} ${HOSTNAME} 88 | ||
+ | |||
+ | SRV _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389 | ||
+ | SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 | ||
+ | SRV _ldap._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389 | ||
+ | SRV _ldap._tcp.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268 | ||
+ | SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 | ||
+ | SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389 | ||
+ | SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 389 | ||
+ | SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 | ||
+ | SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389 | ||
+ | SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268 | ||
+ | SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} 389 | ||
+ | |||
+ | |||
+ | SRV _gc._tcp.${DNSFOREST} ${HOSTNAME} 3268 | ||
+ | SRV _gc._tcp.${SITE}._sites.${DNSFOREST} ${HOSTNAME} 3268 | ||
+ | *there are duplicate entries for the PDC(maybe for BDC as well) | ||
+ | *can find parameters ${DNSFOREST}, ${DNSDOMAIN}, ${DOMAINGUID}, ${HOSTNAME}, ${NTDSGUID}, ${SITE} by putting a few print statements in samba_dnsupdate | ||
==Find Variables== | ==Find Variables== | ||
+ | *patch for print statements to easily find variables | ||
--- samba_dnsupdate 2014-06-04 15:58:59.324101278 -0700 | --- samba_dnsupdate 2014-06-04 15:58:59.324101278 -0700 | ||
+++ /root/scripts_samba/samba_dnsupdate 2014-06-04 15:41:38.683189142 -0700 | +++ /root/scripts_samba/samba_dnsupdate 2014-06-04 15:41:38.683189142 -0700 | ||
Line 21: | Line 63: | ||
- print "INFO: DOMAINGUID is :: %s" % vars['DOMAINGUID'] | - print "INFO: DOMAINGUID is :: %s" % vars['DOMAINGUID'] | ||
am_rodc = samdb.am_rodc() | am_rodc = samdb.am_rodc() | ||
+ | * run the following to get just what you need | ||
+ | samba_dnsupdate --verbose | grep "INFO:" | ||
+ | *will spit out the variables needed to be added into DNS | ||
+ | ==Check all DNS entries(WIP)== | ||
+ | #!/bin/bash | ||
+ | |||
+ | #fill in variables | ||
+ | DNSDOMAIN= | ||
+ | DNSFOREST= | ||
+ | HOSTNAME= | ||
+ | NTDSGUID= | ||
+ | SITE= | ||
+ | DOMAINGUID= | ||
+ | |||
+ | COMM="host -t" | ||
+ | |||
+ | $COMM SRV _kpasswd._tcp.${DNSDOMAIN} | ||
+ | $COMM SRV _kpasswd._udp.${DNSDOMAIN} | ||
+ | |||
+ | $COMM SRV _kerberos._tcp.${DNSDOMAIN} | ||
+ | $COMM SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN} | ||
+ | $COMM SRV _kerberos._tcp.dc._msdcs.${DNSFOREST} | ||
+ | $COMM SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN} | ||
+ | $COMM SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} | ||
+ | $COMM SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} | ||
+ | |||
+ | $COMM SRV _kerberos._udp.${DNSDOMAIN} | ||
+ | |||
+ | $COMM SRV _ldap._tcp.${DNSDOMAIN} | ||
+ | $COMM SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN} | ||
+ | $COMM SRV _ldap._tcp.dc._msdcs.${DNSFOREST} | ||
+ | $COMM SRV _ldap._tcp.gc._msdcs.${DNSFOREST} | ||
+ | $COMM SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} | ||
+ | $COMM SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} | ||
+ | $COMM SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN} | ||
+ | $COMM SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} | ||
+ | $COMM SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} | ||
+ | $COMM SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST} | ||
+ | $COMM SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} | ||
+ | |||
+ | $COMM SRV _gc._tcp.${DNSFOREST} | ||
+ | $COMM SRV _gc._tcp.${SITE}._sites.${DNSFOREST} | ||
+ | *running the script will show you all entires that are in and which are not |
Latest revision as of 15:29, 4 June 2014
DNS Entries for PDC
- file located at /usr/local/samba/private/dns_update_list
# this is a list of DNS entries which will be put into DNS using
# dynamic DNS update. It is processed by the samba_dnsupdate script
#
# Each entry is: record type, name, target, and (for SRV records) a port.
# ${DNSDOMAIN}, ${DNSFOREST}, ${HOSTNAME}, ${NTDSGUID}, ${SITE} and
# ${DOMAINGUID} are placeholders; samba_dnsupdate fills them in from the
# values it collects in get_subst_vars().
# NOTE(review): $IP is presumably replaced with this host's address(es) -
# confirm against samba_dnsupdate.
#
# Clients locate the domain's Kerberos, LDAP and global-catalog services
# through these names, so an unexpected target in any of them is worth
# investigating.

# Address records for the domain name and for this host
A ${DNSDOMAIN} $IP
A ${HOSTNAME} $IP
AAAA ${DNSDOMAIN} $IP
AAAA ${HOSTNAME} $IP

# Address records for the forest-wide gc name
A gc._msdcs.${DNSFOREST} $IP
AAAA gc._msdcs.${DNSFOREST} $IP

# Alias from the NTDS GUID name to this host
CNAME ${NTDSGUID}._msdcs.${DNSFOREST} ${HOSTNAME}

# kpasswd service, port 464, over TCP and UDP
SRV _kpasswd._tcp.${DNSDOMAIN} ${HOSTNAME} 464
SRV _kpasswd._udp.${DNSDOMAIN} ${HOSTNAME} 464

# Kerberos over TCP, port 88: domain-wide, dc._msdcs and per-site names
SRV _kerberos._tcp.${DNSDOMAIN} ${HOSTNAME} 88
SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88
SRV _kerberos._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88
SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 88
SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88
SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88

# Kerberos over UDP, port 88
SRV _kerberos._udp.${DNSDOMAIN} ${HOSTNAME} 88

# LDAP: port 389 for the dc/pdc/domain names, port 3268 for the gc names
SRV _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389
SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
SRV _ldap._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389
SRV _ldap._tcp.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268
SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268
SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} 389


# _gc service, port 3268: forest-wide and per-site names
SRV _gc._tcp.${DNSFOREST} ${HOSTNAME} 3268
SRV _gc._tcp.${SITE}._sites.${DNSFOREST} ${HOSTNAME} 3268
- there are duplicate entries for the PDC (maybe for the BDC as well)
- can find parameters ${DNSFOREST}, ${DNSDOMAIN}, ${DOMAINGUID}, ${HOSTNAME}, ${NTDSGUID}, ${SITE} by putting a few print statements in samba_dnsupdate
Find Variables
- patch for print statements to easily find variables
--- samba_dnsupdate 2014-06-04 15:58:59.324101278 -0700
+++ /root/scripts_samba/samba_dnsupdate 2014-06-04 15:41:38.683189142 -0700
@@ -271,17 +271,9 @@ def get_subst_vars(samdb):
 vars['HOSTNAME'] = samdb.host_dns_name()
 vars['NTDSGUID'] = samdb.get_ntds_GUID()
 vars['SITE'] = samdb.server_site_name()
- if opts.verbose:
- print "INFO: DNSDOMAIN is :: %s" % vars['DNSDOMAIN']
- print "INFO: DNSFOREST is :: %s" % vars['DNSFOREST']
- print "INFO: HOSTNAME is :: %s" % vars['HOSTNAME']
- print "INFO: NTDSGUID is :: %s" % vars['NTDSGUID']
- print "INFO: SITE is :: %s" % vars['SITE']
 res = samdb.search(base=samdb.get_default_basedn(), scope=SCOPE_BASE, attrs=["objectGUID"])
 guid = samdb.schema_format_value("objectGUID", res[0]['objectGUID'][0])
 vars['DOMAINGUID'] = guid
- if opts.verbose:
- print "INFO: DOMAINGUID is :: %s" % vars['DOMAINGUID']
 am_rodc = samdb.am_rodc()
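Review bot: The patch is generated in the reverse direction: the `---` side (samba_dnsupdate, 15:58) holds the `if opts.verbose:` / `print "INFO: ..."` lines and the `+++` side (/root/scripts_samba/samba_dnsupdate, 15:41) lacks them, so applying it as posted removes the INFO prints instead of adding them. Assuming the /root/scripts_samba copy is the unmodified script, regenerate it as `diff -u /root/scripts_samba/samba_dnsupdate samba_dnsupdate`, or apply the posted patch with `patch -R`. The indentation and the blank context lines were lost when the wiki rendered the hunk (the header says 17 old lines, fewer are visible), so it should go into a preformatted block before anyone tries to apply it. get_subst_vars starts before and continues after the hunk.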
- run the following to get just what you need
# Keep only the "INFO:" lines of the verbose output, i.e. the variable
# values printed by the added print statements.
# NOTE(review): samba_dnsupdate is the script that processes
# dns_update_list for dynamic DNS update, so this is presumably not a
# read-only command - confirm before running it on a production DC.
samba_dnsupdate --verbose | grep -F -- 'INFO:'
- will spit out the variables needed to be added into DNS
Check all DNS entries (WIP)
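#!/bin/bash
#
# Check that the SRV records listed in dns_update_list for this Samba4 DC
# can be resolved, and report each one as OK or MISSING.
#
# Usage: fill in the variables below (the values are printed by
# `samba_dnsupdate --verbose | grep "INFO:"`), then run the script.
#
# Exit status: 0 if every record was found, 1 if at least one is missing,
# 2 if the script is not configured or host(1) is not installed.
#
# Only the SRV entries are checked; the A, AAAA and CNAME entries of
# dns_update_list are not.

#fill in variables
DNSDOMAIN=
DNSFOREST=
# If set, a record only counts as OK when one of its targets is this host.
HOSTNAME=
# Not used by the SRV checks; kept so the block matches the INFO output.
NTDSGUID=
SITE=
DOMAINGUID=

# Optional: DNS server to query. When empty, host(1) uses the system
# resolver, which may answer from a cache or from a server that does not
# hold the AD zone.
DNS_SERVER=

set -u

# An array instead of a string, so the command is never re-split or globbed.
COMM=(host -t)

die() {
  printf 'error: %s\n' "$*" >&2
  exit 2
}

# An empty variable would silently turn a query into a malformed name
# such as "_ldap._tcp..", so refuse to run until all of them are set.
for var in DNSDOMAIN DNSFOREST SITE DOMAINGUID; do
  [[ -n "${!var}" ]] || die "${var} is empty; fill in the variables at the top of the script"
done
command -v host >/dev/null || die "host(1) not found in PATH"

srv_names=(
  "_kpasswd._tcp.${DNSDOMAIN}"
  "_kpasswd._udp.${DNSDOMAIN}"

  "_kerberos._tcp.${DNSDOMAIN}"
  "_kerberos._tcp.dc._msdcs.${DNSDOMAIN}"
  "_kerberos._tcp.dc._msdcs.${DNSFOREST}"
  "_kerberos._tcp.${SITE}._sites.${DNSDOMAIN}"
  "_kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}"
  "_kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST}"

  "_kerberos._udp.${DNSDOMAIN}"

  "_ldap._tcp.${DNSDOMAIN}"
  "_ldap._tcp.dc._msdcs.${DNSDOMAIN}"
  "_ldap._tcp.dc._msdcs.${DNSFOREST}"
  "_ldap._tcp.gc._msdcs.${DNSFOREST}"
  "_ldap._tcp.pdc._msdcs.${DNSDOMAIN}"
  "_ldap._tcp.pdc._msdcs.${DNSFOREST}"
  "_ldap._tcp.${SITE}._sites.${DNSDOMAIN}"
  "_ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN}"
  "_ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST}"
  "_ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST}"
  "_ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST}"

  "_gc._tcp.${DNSFOREST}"
  "_gc._tcp.${SITE}._sites.${DNSFOREST}"
)

# Expected SRV target, lower-cased and without a trailing dot.
want_target=${HOSTNAME%.}
want_target=${want_target,,}

missing=0
for name in "${srv_names[@]}"; do
  query=("${COMM[@]}" SRV "$name")
  if [[ -n "$DNS_SERVER" ]]; then
    query+=("$DNS_SERVER")
  fi
  out=$("${query[@]}" 2>&1)

  # host can exit 0 for a name that exists but has no SRV data, so the
  # answer text decides, not the exit status.
  status=OK
  note=
  if [[ "$out" != *"has SRV record"* ]]; then
    status=MISSING
  elif [[ -n "$want_target" ]]; then
    # Match the target as a whole, dot-terminated word at the end of a
    # line so that a longer name merely starting with it is not accepted.
    answer="${out,,}"$'\n'
    if [[ "$answer" != *" ${want_target}."$'\n'* ]]; then
      status=MISSING
      note=" (records exist, but none targets ${HOSTNAME})"
    fi
  fi

  if [[ "$status" != OK ]]; then
    missing=$((missing + 1))
  fi
  printf '%-8s %s%s\n' "$status" "$name" "$note"
  while IFS= read -r line; do
    printf '    %s\n' "$line"
  done <<<"$out"
done

printf '%d of %d SRV records missing\n' "$missing" "${#srv_names[@]}"
if ((missing > 0)); then
  exit 1
fi
exit 0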
- running the script will show you which entries are in DNS and which are not