From 96b2279a3d98d7424332e0fc13b953d22ad801ce Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sat, 15 Jan 2022 21:04:03 +0100 Subject: [PATCH] zmb-ad: fixed bind9 config --- src/zmb-ad/install-service.sh | 101 ++++++++++++++++++---------------- 1 file changed, 53 insertions(+), 48 deletions(-) diff --git a/src/zmb-ad/install-service.sh b/src/zmb-ad/install-service.sh index fb6a71d..c4c2845 100644 --- a/src/zmb-ad/install-service.sh +++ b/src/zmb-ad/install-service.sh @@ -22,51 +22,7 @@ for f in ${OPTIONAL_FEATURES[@]}; do elif [[ "$f" == "bind9dlz" ]]; then ZMB_DNS_BACKEND="BIND9_DLZ" ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES" - ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES" - # configure bind dns service - cat << EOF > /etc/default/bind9 -# -# run resolvconf? -RESOLVCONF=no - -# startup options for the server -OPTIONS="-4 -u bind" -EOF - - cat << EOF > /etc/bind/named.conf.local -// -// Do any local configuration here -// - -// Consider adding the 1918 zones here, if they are not used in your -// organization -//include "/etc/bind/zones.rfc1918"; -dlz "$LXC_DOMAIN" { - database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so"; -}; -EOF - - cat << EOF > /etc/bind/named.conf.options -options { - directory "/var/cache/bind"; - - forwarders { - $LXC_DNS; - }; - - allow-query { any;}; - dnssec-validation no; - - auth-nxdomain no; # conform to RFC1035 - listen-on-v6 { any; }; - listen-on { any; }; - - tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; - minimal-responses yes; -}; -EOF - - mkdir -p /var/lib/samba/bind-dns/dns + ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES" else echo "Unsupported optional feature $f" fi @@ -111,13 +67,62 @@ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg:: if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then cat << EOF > /etc/nginx/sites-available/default server { - listen 80; - server_name $LXC_DOMAIN default_server; + listen 80 default_server; + server_name _; return 301 http://www.$LXC_DOMAIN\$request_uri; } EOF fi +if [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then + # configure bind dns service + cat << EOF > /etc/default/bind9 +# +# run resolvconf? +RESOLVCONF=no + +# startup options for the server +OPTIONS="-4 -u bind" +EOF + + cat << EOF > /etc/bind/named.conf.local +// +// Do any local configuration here +// + +// Consider adding the 1918 zones here, if they are not used in your +// organization +//include "/etc/bind/zones.rfc1918"; +dlz "$LXC_DOMAIN" { + database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so"; +}; +EOF + + cat << EOF > /etc/bind/named.conf.options +options { + directory "/var/cache/bind"; + + forwarders { + $LXC_DNS; + }; + + allow-query { any;}; + dnssec-validation no; + + auth-nxdomain no; # conform to RFC1035 + listen-on-v6 { any; }; + listen-on { any; }; + + tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; + minimal-responses yes; +}; +EOF + + mkdir -p /var/lib/samba/bind-dns/dns +fi + + + # stop + disable samba services and remove default config systemctl disable --now smbd nmbd winbind systemd-resolved rm -f /etc/samba/smb.conf @@ -129,7 +134,7 @@ samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAI cp /var/lib/samba/private/krb5.conf /etc/krb5.conf systemctl unmask samba-ad-dc -systemctl enable samba-ad-dc $ADDITIONAL_SERVICES +systemctl enable samba-ad-dc systemctl restart samba-ad-dc $ADDITIONAL_SERVICES exit 0 \ No newline at end of file