d14a29fb74
(This used to be commit 4634bb282b
)
#
# Insert these snippets into your named.conf or bind.conf to configure
# the BIND nameserver.
#

# Insert this into options {}.
# tkey-gssapi-credential names the Kerberos service principal that named
# uses to accept GSS-TSIG signed dynamic updates; its key is read from the
# keytab that KRB5_KTNAME points to (see the notes below).
tkey-gssapi-credential "DNS/${DNSDOMAIN}";
# tkey-domain is the domain appended to the names of TKEY-negotiated keys.
tkey-domain "${REALM}";

# The zone definition
zone "${DNSDOMAIN}." IN {
    type master;
    file "${DNSDOMAIN}.zone";
    update-policy {
        /* use ANY only for Domain controllers for now */
        /* for normal machines A AAAA PTR is probably all that is needed */
        /*
         * Grants the Kerberos principal ${HOSTNAME}.${DNSDOMAIN}@${REALM}
         * the right to update records at exactly ${HOSTNAME}.${DNSDOMAIN}
         * (rule type "name"). ANY does not limit the update to particular
         * record types, so whoever holds that principal's key can rewrite
         * the records at that name; give ordinary hosts an explicit type
         * list instead.
         */
        grant ${HOSTNAME}.${DNSDOMAIN}@${REALM} name ${HOSTNAME}.${DNSDOMAIN} ANY;
    };
};

# Also, you need to change your init scripts to set the environment variable
# KRB5_KTNAME for named so that it points to the generated keytab.
# On Red Hat derived systems such as RHEL/CentOS/Fedora you can add the
# following line to the /etc/sysconfig/named file:
#   export KRB5_KTNAME=${DNS_KEYTAB_ABS}
#
# Please note that most distributions have BIND configured to run under
# a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as
# the user "named" once the daemon relinquishes its rights. Therefore,
# the file "${DNS_KEYTAB}" must be readable by the user that BIND runs as.
# If BIND is running as a non-root user, the "${DNS_KEYTAB}" file must have its
# permissions altered to allow the daemon to read it. The keytab contains the
# Kerberos secret key that named authenticates with, so grant read access to
# the daemon's group only and check that the file is not readable by other
# accounts. In the FC6 example, execute the commands:
#
#   chgrp named ${DNS_KEYTAB_ABS}
#   chmod g+r ${DNS_KEYTAB_ABS}