Installing SAMBA 4

Preface

Test system

  • Ubuntu 10.04 „Precise Pangolin“ LTS i386
  • SAMBA 4.0.0beta8-GIT-ba862f4
  • BIND 9.9.1.P2-retrosnub0+vjs197.15+precise0

Installation

BIND 9.9.1

It also works with BIND 9.8.1, which is currently offered in the official Ubuntu repositories, but I wanted to test the latest stable build.

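# apt only reads files in sources.list.d whose names end in .list
echo "deb http://ppa.launchpad.net/malcscott/bind9.9/ubuntu precise main" >> /etc/apt/sources.list.d/bind9.9.1.list
# Import the PPA signing key. F3258C13 is a short key ID, which can collide:
# compare the output of "gpg --fingerprint F3258C13" with the PPA page before trusting it.
gpg --keyserver subkeys.pgp.net --recv-keys F3258C13
gpg -a --export F3258C13|apt-key add -
aptitude update
aptitude install bind9 dnsutils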

SAMBA 4

# Build dependencies
aptitude install git acl python-dev libgcrypt11-dev libtalloc-dev libldb-dev \
libtevent-dev zlib1g-dev libacl1-dev libattr1-dev libblkid-dev libgnutls-dev \
libreadline-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev
# Fetch and build the Samba master branch; it installs to /usr/local/samba
mkdir ~/code; cd ~/code
git clone git://git.samba.org/samba.git samba-master; cd samba-master
./configure.developer
make
make install

Configuration

System

/etc/fstab
# / was on /dev/sda1 during installation
UUID=9a238dc1-8873-442a-b875-94f3e2724cf3 /               ext4    errors=remount-ro,user_xattr,acl 0       1

AppArmor

/etc/apparmor.d/usr.sbin.named
  /usr/local/samba/private/** rkw,
  /usr/local/samba/private/dns/** rm,
  /usr/local/samba/lib/** rm,
  /usr/local/samba/lib/bind9/** rm,
  /usr/local/samba/lib/private/** rm,
  /usr/local/samba/etc/smb.conf rm,
  /var/tmp/** rwm,

SAMBA 4

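# EinStarkesPw123 is a placeholder; a password passed via --adminpass ends up
# in the shell history and is visible in the process list while provision runs.
/usr/local/samba/sbin/provision --realm=example.local --domain=EXAMPLE \
   --adminpass=EinStarkesPw123 --server-role=dc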

BIND

/etc/bind/named.conf.local
//
// Do any local configuration here
//
 
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
 
include "/usr/local/samba/private/named.conf";

/etc/bind/named.conf.options
options {
        directory "/var/cache/bind";
 
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
 
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
 
        forwarders {
                192.168.1.1;
        };
 
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
 
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
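
The following script is an added example, not part of the original page: it checks that the four files edited above contain the settings this setup relies on (acl and user_xattr on /, the AppArmor rule for /usr/local/samba/private, the Samba include, and the tkey-gssapi-keytab line). The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight checks for the files edited on this page (function names are hypothetical).

# fstab_has_opts FILE MOUNTPOINT OPT...: succeed if the fstab entry for MOUNTPOINT
# carries every OPT. Comment lines are skipped ("# / was on ..." has "/" as field 2).
fstab_has_opts() {
    _f=$1 _mp=$2; shift 2
    _opts=$(awk -v mp="$_mp" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$_f")
    [ -n "$_opts" ] || return 1
    for _o in "$@"; do
        case ",$_opts," in *",$_o,"*) ;; *) return 1 ;; esac
    done
}

# has_rule FILE WORD1 WORD2: succeed if a line's first two fields are WORD1 and WORD2.
# Covers AppArmor rules and named.conf directives; "//word" does not match.
has_rule() {
    awk -v a="$2" -v b="$3" '$1 == a && $2 == b { ok = 1 } END { exit !ok }' "$1"
}

# preflight ROOT: check the files under ROOT ("" = live system); prints each
# missing item and returns the number of failed checks.
preflight() {
    _r=$1 _bad=0 _p=/usr/local/samba
    fstab_has_opts "$_r/etc/fstab" / acl user_xattr ||
        { echo "fstab: / lacks acl,user_xattr"; _bad=$((_bad + 1)); }
    has_rule "$_r/etc/apparmor.d/usr.sbin.named" "$_p/private/**" "rkw," ||
        { echo "apparmor: no rkw rule for $_p/private/**"; _bad=$((_bad + 1)); }
    has_rule "$_r/etc/bind/named.conf.local" include "\"$_p/private/named.conf\";" ||
        { echo "named.conf.local: Samba include missing"; _bad=$((_bad + 1)); }
    has_rule "$_r/etc/bind/named.conf.options" tkey-gssapi-keytab "\"$_p/private/dns.keytab\";" ||
        { echo "named.conf.options: tkey-gssapi-keytab missing"; _bad=$((_bad + 1)); }
    return "$_bad"
}

# make_sample DIR: constructed sample tree (keytab line commented out on purpose).
make_sample() {
    mkdir -p "$1/etc/apparmor.d" "$1/etc/bind"
    printf '%s\n' '# / was on /dev/sda1 during installation' \
        'UUID=0000-constructed / ext4 errors=remount-ro,user_xattr,acl 0 1' > "$1/etc/fstab"
    echo '  /usr/local/samba/private/** rkw,' > "$1/etc/apparmor.d/usr.sbin.named"
    echo 'include "/usr/local/samba/private/named.conf";' > "$1/etc/bind/named.conf.local"
    echo '//tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";' > "$1/etc/bind/named.conf.options"
}

# Demo on the constructed tree; on a real host call: preflight ""
d=$(mktemp -d) && make_sample "$d" && { preflight "$d" || echo "$? check(s) failed"; }
rm -rf "$d"
```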