mirror of
https://github.com/bashclub/zamba-lxc-toolbox.git
synced 2024-12-25 03:30:12 +01:00
zmb-ad: fixed bind9 config
parent
17deebe9d5
commit
96b2279a3d
@ -22,51 +22,7 @@ for f in ${OPTIONAL_FEATURES[@]}; do
|
|||||||
elif [[ "$f" == "bind9dlz" ]]; then
|
elif [[ "$f" == "bind9dlz" ]]; then
|
||||||
ZMB_DNS_BACKEND="BIND9_DLZ"
|
ZMB_DNS_BACKEND="BIND9_DLZ"
|
||||||
ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES"
|
ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES"
|
||||||
ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
|
ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES"
|
||||||
# configure bind dns service
|
|
||||||
cat << EOF > /etc/default/bind9
|
|
||||||
#
|
|
||||||
# run resolvconf?
|
|
||||||
RESOLVCONF=no
|
|
||||||
|
|
||||||
# startup options for the server
|
|
||||||
OPTIONS="-4 -u bind"
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat << EOF > /etc/bind/named.conf.local
|
|
||||||
//
|
|
||||||
// Do any local configuration here
|
|
||||||
//
|
|
||||||
|
|
||||||
// Consider adding the 1918 zones here, if they are not used in your
|
|
||||||
// organization
|
|
||||||
//include "/etc/bind/zones.rfc1918";
|
|
||||||
dlz "$LXC_DOMAIN" {
|
|
||||||
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
|
|
||||||
};
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat << EOF > /etc/bind/named.conf.options
|
|
||||||
options {
|
|
||||||
directory "/var/cache/bind";
|
|
||||||
|
|
||||||
forwarders {
|
|
||||||
$LXC_DNS;
|
|
||||||
};
|
|
||||||
|
|
||||||
allow-query { any;};
|
|
||||||
dnssec-validation no;
|
|
||||||
|
|
||||||
auth-nxdomain no; # conform to RFC1035
|
|
||||||
listen-on-v6 { any; };
|
|
||||||
listen-on { any; };
|
|
||||||
|
|
||||||
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
|
|
||||||
minimal-responses yes;
|
|
||||||
};
|
|
||||||
EOF
|
|
||||||
|
|
||||||
mkdir -p /var/lib/samba/bind-dns/dns
|
|
||||||
else
|
else
|
||||||
echo "Unsupported optional feature $f"
|
echo "Unsupported optional feature $f"
|
||||||
fi
|
fi
|
||||||
@ -111,13 +67,62 @@ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::
|
|||||||
if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
|
if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
|
||||||
cat << EOF > /etc/nginx/sites-available/default
|
cat << EOF > /etc/nginx/sites-available/default
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80 default_server;
|
||||||
server_name $LXC_DOMAIN default_server;
|
server_name _;
|
||||||
return 301 http://www.$LXC_DOMAIN\$request_uri;
|
return 301 http://www.$LXC_DOMAIN\$request_uri;
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then
|
||||||
|
# configure bind dns service
|
||||||
|
cat << EOF > /etc/default/bind9
|
||||||
|
#
|
||||||
|
# run resolvconf?
|
||||||
|
RESOLVCONF=no
|
||||||
|
|
||||||
|
# startup options for the server
|
||||||
|
OPTIONS="-4 -u bind"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat << EOF > /etc/bind/named.conf.local
|
||||||
|
//
|
||||||
|
// Do any local configuration here
|
||||||
|
//
|
||||||
|
|
||||||
|
// Consider adding the 1918 zones here, if they are not used in your
|
||||||
|
// organization
|
||||||
|
//include "/etc/bind/zones.rfc1918";
|
||||||
|
dlz "$LXC_DOMAIN" {
|
||||||
|
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
|
||||||
|
};
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat << EOF > /etc/bind/named.conf.options
|
||||||
|
options {
|
||||||
|
directory "/var/cache/bind";
|
||||||
|
|
||||||
|
forwarders {
|
||||||
|
$LXC_DNS;
|
||||||
|
};
|
||||||
|
|
||||||
|
allow-query { any;};
|
||||||
|
dnssec-validation no;
|
||||||
|
|
||||||
|
auth-nxdomain no; # conform to RFC1035
|
||||||
|
listen-on-v6 { any; };
|
||||||
|
listen-on { any; };
|
||||||
|
|
||||||
|
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
|
||||||
|
minimal-responses yes;
|
||||||
|
};
|
||||||
|
EOF
|
||||||
|
|
||||||
|
mkdir -p /var/lib/samba/bind-dns/dns
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# stop + disable samba services and remove default config
|
# stop + disable samba services and remove default config
|
||||||
systemctl disable --now smbd nmbd winbind systemd-resolved
|
systemctl disable --now smbd nmbd winbind systemd-resolved
|
||||||
rm -f /etc/samba/smb.conf
|
rm -f /etc/samba/smb.conf
|
||||||
@ -129,7 +134,7 @@ samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAI
|
|||||||
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
|
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
|
||||||
|
|
||||||
systemctl unmask samba-ad-dc
|
systemctl unmask samba-ad-dc
|
||||||
systemctl enable samba-ad-dc $ADDITIONAL_SERVICES
|
systemctl enable samba-ad-dc
|
||||||
systemctl restart samba-ad-dc $ADDITIONAL_SERVICES
|
systemctl restart samba-ad-dc $ADDITIONAL_SERVICES
|
||||||
|
|
||||||
exit 0
|
exit 0
|
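Review bot: The `named.conf.options` heredoc in the new `if [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]` block sets `allow-query { any;};` together with `forwarders` and `listen-on { any; };` but no `allow-recursion`. BIND falls back to the allow-query ACL for recursion and cache access when neither `allow-recursion` nor `allow-query-cache` is given, so the domain controller will recurse for any client that can reach port 53. I would add `allow-recursion { localnets; localhost; };` (or an ACL of the client subnets the DC is meant to serve) next to `allow-query`. `dnssec-validation no;` in the same block also means forwarded answers are accepted unvalidated; if the Samba DLZ setup requires that, a one-line comment saying so would help. Separately, the last hunk now enables only `samba-ad-dc`, so whether bind9 starts at boot appears to depend on the package's own defaults.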