zmb-ad: fixed bind9 config

This commit is contained in:
thorstenspille 2022-01-15 21:04:03 +01:00
parent 17deebe9d5
commit 96b2279a3d


@ -22,51 +22,7 @@ for f in ${OPTIONAL_FEATURES[@]}; do
elif [[ "$f" == "bind9dlz" ]]; then elif [[ "$f" == "bind9dlz" ]]; then
ZMB_DNS_BACKEND="BIND9_DLZ" ZMB_DNS_BACKEND="BIND9_DLZ"
ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES" ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES"
ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES" ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES"
# configure bind dns service
cat << EOF > /etc/default/bind9
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-4 -u bind"
EOF
cat << EOF > /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
dlz "$LXC_DOMAIN" {
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
EOF
cat << EOF > /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
forwarders {
$LXC_DNS;
};
allow-query { any;};
dnssec-validation no;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
listen-on { any; };
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
minimal-responses yes;
};
EOF
mkdir -p /var/lib/samba/bind-dns/dns
else else
echo "Unsupported optional feature $f" echo "Unsupported optional feature $f"
fi fi
@ -111,13 +67,62 @@ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::
if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
cat << EOF > /etc/nginx/sites-available/default cat << EOF > /etc/nginx/sites-available/default
server { server {
listen 80; listen 80 default_server;
server_name $LXC_DOMAIN default_server; server_name _;
return 301 http://www.$LXC_DOMAIN\$request_uri; return 301 http://www.$LXC_DOMAIN\$request_uri;
} }
EOF EOF
fi fi
if [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then
# configure bind dns service
cat << EOF > /etc/default/bind9
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-4 -u bind"
EOF
cat << EOF > /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
dlz "$LXC_DOMAIN" {
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
EOF
cat << EOF > /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
forwarders {
$LXC_DNS;
};
allow-query { any;};
dnssec-validation no;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
listen-on { any; };
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
minimal-responses yes;
};
EOF
mkdir -p /var/lib/samba/bind-dns/dns
fi
# stop + disable samba services and remove default config # stop + disable samba services and remove default config
systemctl disable --now smbd nmbd winbind systemd-resolved systemctl disable --now smbd nmbd winbind systemd-resolved
rm -f /etc/samba/smb.conf rm -f /etc/samba/smb.conf
@ -129,7 +134,7 @@ samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAI
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
systemctl unmask samba-ad-dc systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc $ADDITIONAL_SERVICES systemctl enable samba-ad-dc
systemctl restart samba-ad-dc $ADDITIONAL_SERVICES systemctl restart samba-ad-dc $ADDITIONAL_SERVICES
exit 0 exit 0
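Review bot: The new `named.conf.options` block (the `allow-query { any;};` / `forwarders` stanza in the second hunk) opens queries to everyone but says nothing about recursion, so whether this DC becomes an open forwarding resolver depends entirely on BIND's built-in `allow-recursion` default rather than on anything the script writes; an AD DNS server that forwards upstream should pin that explicitly, e.g. `allow-recursion { localnets; localhost; };` next to `allow-query`, or narrow `allow-query` itself to the LAN, and the `dnssec-validation no;` line deserves a comment explaining that it is there for the unsigned AD zone and also disables validation of forwarded answers. Two smaller points in the same block: `OPTIONS="-4 -u bind"` in `/etc/default/bind9` makes the `listen-on-v6 { any; };` line inert, so one of the two should go; and `dlz_bind9_11.so` is hard-coded although Samba ships one module per supported BIND major version, so the path presumably has to be chosen to match the installed `named` (a `ls /usr/lib/*/samba/bind9/` lookup at run time would avoid a silent mismatch). In the last hunk `systemctl enable` loses `$ADDITIONAL_SERVICES` while `systemctl restart` keeps it; if that relies on the Debian package having enabled `bind9` at install time it is worth a one-line comment, otherwise the service may not come back after a reboot. The script body continues outside the hunks.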