The Samba-Bugzilla – Attachment 3095 Details for
Bug 5195
Unable to join WinXP to domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
/etc/bind/named.conf
named.conf (text/plain), 2.18 KB, created by
Sergey Belyashov
on 2008-01-13 07:31:25 UTC
(
hide
)
Description:
/etc/bind/named.conf
Filename:
MIME Type:
Creator:
Sergey Belyashov
Created:
2008-01-13 07:31:25 UTC
Size:
2.18 KB
patch
obsolete
>acl test.org { 192.168.0.0/24; }; >acl local { 127.0.0.0/8; }; > ># ># Insert these snippets into your named.conf or bind.conf to configure ># the BIND nameserver. ># >options { > directory "/var/bind"; > recursion true; > > forward first; > forwarders { > <some-provider's-IPs>; > }; > listen-on-v6 { none; }; > listen-on { 127.0.0.1; 192.168.0.130; }; > allow-query { local; test.org; }; > > pid-file "/var/run/named/named.pid"; > ># tkey-gssapi-credential "DNS/test.org"; ># tkey-domain "TEST.ORG"; >}; > >zone "." IN { > type hint; > file "named.ca"; >}; > >zone "localhost" IN { > type master; > file "pri/localhost.zone"; > allow-update { none; }; > notify no; >}; > >zone "127.in-addr.arpa" IN { > type master; > file "pri/127.zone"; > allow-update { none; }; > notify no; >}; > ># If you have a very recent BIND, supporting GSS-TSIG, ># insert this into options {} (otherwise omit, it is not required if we don't accept updates) >#tkey-gssapi-credential "DNS/test.org"; >#tkey-domain "TEST.ORG"; > ># You should always include the actual zone configuration reference: >zone "test.org" IN { > type master; > file "pri/test.org.zone"; > update-policy { > /* use ANY only for Domain controllers for now */ > /* for normal machines A AAAA PTR is probbaly all is needed */ > grant gentoolinux.test.org@TEST.ORG name gentoolinux.test.org ANY; > }; >}; > ># Also, you need to change your init scripts to set this environment variable ># for named: KRB5_KTNAME so that it points to the keytab generated. ># In RedHat derived systems such RHEL/CentOS/Fedora you can add the following ># line to the /etc/sysconfig/named file: ># export KRB5_KTNAME=/usr/local/samba/private/dns.keytab ># ># Please note that most distributions have BIND configured to run under ># a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as ># the user "named" once the daemon relinquishes its rights. Therefore, ># the file "dns.keytab" must be readable by the user that BIND run as. ># If BIND is running as a non-root user, the "dns.keytab" file must have its ># permissions altered to allow the daemon to read it. In the FC6 ># example, execute the commands: ># ># chgrp named /usr/local/samba/private/dns.keytab ># chmod g+r /usr/local/samba/private/dns.keytab
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3095">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 5195
:
3094
| 3095 |
3096
|
3097