閱讀文章 - 精華區 FreeBSD

看板FreeBSD

標題BIND 9 for Windows 2000 AD

發信站松山工農電子科 (Sat Mar 15 22:52:00 2003)

轉信站Ptt!news.ntu!news.saihs!not-for-mail

為了要給 windows 2000 的AD用，找了一些資料，暫時好像可用了。因為我不知道正確的AD是如何的一種情況。我目前沒有使用 chroot。要疝N的是，開放update 功能後，不要要求檔案的內容了，因為電腦會幫你處理。:( //1. 先安裝 BIND 9 # cd /usr/ports/net/bind9 # make install clean --sysconfdir=/etc/namedb // 準備 chroot 的目錄，如不要者可略過 { # mkdir -p /var/chroot/named/etc/namedb # mkdir -p /var/chroot/named/dev # mkdir -p /var/chroot/named/var # cd /var/chroot # chown -R bind:bind named # chmod 700 named # cp /etc/localtime /var/chroot/named/etc # cp /etc/namedb/named.root /var/chroot/named/etc/namedb/ # cd /var/chroot/named/dev # mknod zero c 2 12 # mknod random c 2 4 # mknod null c 2 2 # chmod 666 zero random null // 移除既有的 /etc/namedb後，準備建立一個 symbolic 連結 # cd /etc # mv namedb namedb.old # ln -s /var/chroot/named/etc/namedb . // } //產生一個 rndc 用的 key，此key 與 named.conf 中的相同。 # rndc-confgen > /usr/local/etc/rndc.conf # chmod 700 /usr/local/etc/rndc.conf //取消 installworld 時會安裝 bind8的選頁。請放在 /etc/make.conf NO_BIND=true //加下列至/etc/rc.conf中 syslogd_flags="-s -l /var/chroot/named/dev/log" named_enable="YES" named_program="/usr/local/sbin/named" named_flags="-u bind -t /var/chroot/named -c /etc/namedb/named.conf" //不使用 chroot 的請用 named_flags="-u bind -c /etc/namedb/named.conf" 啟動 Bind 9 # /usr/local/sbin/named -u bind -t /var/chroot/named -c /etc/namedb/named.conf Restart with new parameters 用新參數重新啟動 syslogd # killall syslogd # syslogd -s -l /var/chroot/named/dev/log //2.設定要給 AD 用的 named.conf，請依環境修改下列設定 //=== named.conf 開始 acl "ADservers" { 10.10.10.2; 10.10.10.3 }; options { directory "/etc/namedb"; version "BIND 9 For AD"; allow-query { localnets; localhost; }; allow-recursion { localnets; localhost;}; pid-file "/etc/namedb/named.pid"; }; key "rndc-key" { algorithm hmac-md5; secret "1UYQX4Hs/bYer2ReYPQ8Eg=="; }; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; zone "." { type hint; file "named.root"; }; zone "10.10.10.in-addr.arpa" { type master; file "10.10.10.db"; allow-update {ADservers;}; }; zone "domain.com" { type master; file "domain.com.db"; check-names ignore; allow-update {ADservers;}; }; zone "_msdcs.domain.com" { type master; file "_msdcs.domain.com.db"; check-names ignore; allow-update {ADservers;}; }; zone "_sites.domain.com" { type master; file "_sites.domain.com.db"; check-names ignore; allow-update {ADservers;}; }; zone "_tcp.domain.com" { type master; file "_tcp.domain.com.db"; check-names ignore; allow-update {ADservers;}; }; zone "_udp.domain.com" { type master; file "_udp.domain.com.db"; check-names ignore; allow-update {ADservers;}; }; //=== named.conf 結束 //3.在 /etc/namedb 下加入AD用 _* 的檔案 //以 _tcp.domain.com 為範例，其它3個依樣處理 //=== _tcp.domain.com.db 開始 $ORIGIN . $TTL 86400 ; 1 day _tcp.domain.com IN SOA hostname.domain.com. hostmaster.domain.com. ( 2002010101 ; Todays serial 28800 ; refresh (8 hours) 7200 ; retry (2 hours) 2419200 ; expire (4 weeks) 86400 ; minimum (1 day) ) NS ns.domain.com. $ORIGIN _tcp.domain.com. //=== _tcp.domain.com.db 結束參考資料: http://freebsd.mu/freebsd/archives/000072.html http://ibiblio.org/gferg/ldp/BIND+AD-HOWTO/BIND+AD-HOWTO-2.html#ss2.1