Monday, October 12, 2009

Key to DNS on Fedora with Windows

I finally (years overdue) got bind 9.6 to work with Windows clients.
All the documentation for any version BEFORE 9.6 is out-of-date, ignore it.

For the zone "wolfish.rouges.org" (not the 192.168.0.0 zone):
1) Make the zone db file owned by the named user:
chown -R named:named /var/named/chroot/var/named
2) Add the allow-update attribute to the zone.
3) Add the check-names ignore; attribute to the zone.

WATCH THE SYNTAX!

The named.conf file is indented perversely, so it is difficult to put the attribute in the correct context.


zone "wolfish.rouges.org." IN {
    allow-update {
        localnets;
    };
    check-names ignore;
    type master;
    file "wolfish.rouges.org.db";
};
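An added audit script, not from the post, that pulls the allow-update ACL out of every zone stanza in a named.conf and classifies it; the post's `localnets` setting comes out as "open" because it lets any host on the LAN rewrite records with unsigned updates. The named.conf text is constructed, and the second zone (with a hypothetical TSIG key named "ddns-key") is there only for comparison.

```python
import re

# Constructed sample: the zone stanza from the post, plus a hypothetical zone
# that only accepts updates signed with a TSIG key, for comparison.
SAMPLE_NAMED_CONF = """
zone "wolfish.rouges.org." IN {
    allow-update { localnets; };
    check-names ignore;
    type master;
    file "wolfish.rouges.org.db";
};
zone "example.test" IN {
    type master;
    file "example.test.db";
    allow-update { key "ddns-key"; };
};
"""

# Built-in ACLs that let unauthenticated hosts on the network rewrite the zone.
OPEN_ACLS = {"any", "localnets"}

def zone_blocks(conf):
    """Yield (zone_name, body) for each zone stanza, matching braces by depth."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def allow_update_acl(body):
    """Return the elements of allow-update { ... }, or [] when the zone has none."""
    m = re.search(r'allow-update\s*\{([^}]*)\}', body)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []

def audit_updates(conf):
    """Map zone name -> static / keyed / open / address-based for dynamic updates."""
    report = {}
    for name, body in zone_blocks(conf):
        acl = allow_update_acl(body)
        if not acl:
            report[name] = "static"            # no dynamic updates at all
        elif all(e.startswith("key ") for e in acl):
            report[name] = "keyed"             # only TSIG-signed updates
        elif set(acl) & OPEN_ACLS:
            report[name] = "open"              # any LAN host may update
        else:
            report[name] = "address-based"     # IP-based, spoofable over UDP
    return report

if __name__ == "__main__":
    for zone, verdict in audit_updates(SAMPLE_NAMED_CONF).items():
        print(f"{zone}: dynamic updates {verdict}")
```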

Sunday, October 11, 2009

Epic Win.

VMWare would not work. I did an uninstall and a hard clean and reinstalled, but it was just one problem after another.
So I downloaded VirtualBox, and the rpm installed flawlessly.
I started the console, and configured it with a copy of my OLD virtual drives. I tried to power it up, but that failed, as expected.
However, I then booted from a Windows 2000 install iso, and selected full repair.

Presto! It booted right up.

I could have saved a day if I had tried that first.

Beware ownership and permissions with kerberos

I think the issue I was having with kadmin was due to a hidden dot file being not readable by anyone but root.
I know it was A problem, but not if it was THE problem. Same permissions issue with the /var/log/kadmin.log file.
I hate to say it, but on Fedora, you (basically) have to do everything for Kerberos as root.

Procedure for installing 389.

Follow the procedure below. If anything bad happens, start over from 1.
0) Create unix user, make passwords, choose server and admin ports, etc.

1) IGNORE most of the wiki.

2) Stop running 389
service dirsrv-admin stop
service dirsrv stop


3) Use yum to uninstall old 389 packages.

4) Delete the old dirs:
rm -rf /usr/lib/dirsrv /usr/share/dirsrv /var/lib/dirsrv /var/lock/dirsrv

5) Use yum to install the new 389 packages

6) Run initial setup script:
/usr/sbin/setup-ds-admin.pl

7) To set up SSL, ensure that both servers are running, and execute:
/home/installerlocal/garage/setupssl2.sh /etc/dirsrv/slapd-trixter 11562

8) Restart servers with
service dirsrv-admin restart
service dirsrv restart


9) Start console with:
/usr/bin/389-console -u admin -w not3xch4n53 -a http://127.0.0.1:3407

They fixed the 389 install bug!

Well, that's amazing and wondrous.
In the two days since I posted my comment on the install bug, the fix is available from yum.
HOORAY for open source projects! Microsoft takes years to release bug fixes.

Friday, October 9, 2009

VMWare woes

I need some kind of golden ticket to continue on 389 server, so it's time to start on VMWare.
Of course, its installer does not work either.
They have an excuse, in that F11 is not fully supported. Sigh.

Yep, a 389 install bug

There is a bug filed against this.
Seems pretty clear that this was never tested. I don't understand their release schedule. Instead of releasing 2-3 "versions" a year, they would be better off doing one every other year, making sure everything in the release works, and fully supporting it.
I have never had a new Fedora install work out-of-the-box.
Not once.

To fix this, one needs to comment out the following lines in /etc/dirsrv/admin-serv/httpd.conf:

    LoadModule file_cache_module @moddir@/mod_file_cache.so
    LoadModule mem_cache_module @moddir@/mod_mem_cache.so
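An added helper, not from the post or the 389 project, that finds every LoadModule line in an httpd.conf whose shared object is not actually installed and comments those lines out, which is the generalised form of the manual fix above. The httpd.conf fragment and the module directory are constructed in a temporary directory; `@moddir@` is resolved the way the 389 template would expand it.

```python
import os
import re
import tempfile

LOADMODULE = re.compile(r'^\s*LoadModule\s+(\S+)\s+(\S+)')

def missing_modules(conf_text, moddir):
    """Return (module_name, resolved_path) for each LoadModule whose .so is absent."""
    missing = []
    for line in conf_text.splitlines():
        m = LOADMODULE.match(line)
        if m:
            path = m.group(2).replace("@moddir@", moddir)
            if not os.path.isfile(path):
                missing.append((m.group(1), path))
    return missing

def comment_out_missing(conf_text, moddir):
    """Return conf_text with every LoadModule for an absent .so commented out."""
    absent = {p for _, p in missing_modules(conf_text, moddir)}
    out = []
    for line in conf_text.splitlines():
        m = LOADMODULE.match(line)
        if m and m.group(2).replace("@moddir@", moddir) in absent:
            line = "# disabled (module not installed): " + line
        out.append(line)
    return "\n".join(out) + "\n"

def demo():
    """Constructed httpd.conf: one installed module, plus the two absent ones from the post."""
    with tempfile.TemporaryDirectory() as moddir:
        # Pretend only mod_ssl.so is installed in the module directory.
        open(os.path.join(moddir, "mod_ssl.so"), "w").close()
        conf = ("LoadModule ssl_module @moddir@/mod_ssl.so\n"
                "LoadModule file_cache_module @moddir@/mod_file_cache.so\n"
                "LoadModule mem_cache_module @moddir@/mod_mem_cache.so\n")
        names = [n for n, _ in missing_modules(conf, moddir)]
        fixed = comment_out_missing(conf, moddir)
    return names, fixed

if __name__ == "__main__":
    names, fixed = demo()
    print("missing:", names)
    print(fixed)
```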

Thursday, October 8, 2009

389 server install fail

This is the kind of thing that Microsoft does NOT fail at (as often):

Starting admin server . . .
output: httpd.worker: Syntax error on line 142 of /etc/dirsrv/admin-serv/httpd.conf: Cannot load /usr/lib/httpd/modules/mod_file_cache.so into server: /usr/lib/httpd/modules/mod_file_cache.so: cannot open shared object file: No such file or directory
Could not start the admin server. Error: 256
Failed to create and configure the admin server
Exiting . . .
Log file is '/tmp/setup5R7Gtb.log'
-------------------------------------------------------

How does this kind of bug happen?
Did they really never QA a new install?

Bug in Kerberos package ( or something)

I, and one other guy on the internet 4 years ago, have encountered a bug in the kerberos kadmin configuration.
When I try to add a user with kadmin, I get this error:
Insufficient access to lock database

Hilariously, if I use strace to find out which file I can't lock, IT WORKS PERFECTLY.
I love software.

I'm going to continue onto LDAP, and hope this is a non-issue, after all, kadmin.local works fine.

bug in system-config-bind

system-config-bind has a bug creating CNAME records.
They come out like this:
IN 1H CNAME hg

instead of
hg CNAME trixter

What the hell.

Set ROOTDIR to /var/named/chroot in /etc/sysconfig/named

This is the key part in getting bind-chroot to "work".
It ticks me off that this is not the default behavior when installing the package.

Took 3 hours to get XDMCP working.

As usual I don't know what really fixed it.
I whacked around everywhere in /etc/gdm /etc/kde /etc/X11.
Some other time i'll figure it out.
For now I have lots of LDAP and KERBEROS to suffer through.

Crashes, need to setup XDMCP

The system hung. Yuck.
Plus there is a bug in XDMCP. Yuck yuck yuck
XDMCP bug
I used meld on /etc/gdm, but as I use KDM who knows?

First steps

Installed fwfstab (editor for /etc/fstab)
Mounted /dev/mapper/VolGroup00-LogVol00 on /fromlvm

Edited /etc/sudoers

Used meld to start melding /etc files.

Wednesday, October 7, 2009

Stuff to install on a blank slate F11 system

emacs
meld
groupupdate kde-desktop
yum-utils
yumex

Monday, August 24, 2009

LDAP kills network.

If I use the "system-config-authentication" tool to enable LDAP, my network becomes unreachable. I can't use telnet, ping, or LDAP itself. I cannot connect to anything on the LAN.

Except the client host itself: pinging localhost, 127.0.0.1 and its own IP on the LAN (192.168.0.20) works.

"system-config-authentication" changes 6 files:
nsswitch.conf, 4 files in pam.d, and sysconfig/authconfig.

Saturday, August 22, 2009

Something causes intolerably slow performance in F11

During boot, setting up the message bus and sendmail both take over 10 min to get past.
avahi-daemon and HAL, too.
After boot, the system is so slow that SSH connections time out.

I'm disabling sendmail, avahi-daemon, bluetooth, ip6tables, iptables, ntpdate.

I'm also removing all bluetooth software.

Thursday, August 20, 2009

LDAP or kerberos smashes server

I enabled LDAP and Kerberos, and now it takes over an hour to boot up and log on.
Can't log on with SSH; the connection times out.

VMWare Tools on F11

Even if you've installed kernel-devel and kernel-headers, you must make a symbolic link:
su -c 'ln -s /usr/src/kernels/.- /usr/src/linux'

In my case it was:

ln -s /usr/src/kernels/2.6.29.6-217.2.8.fc11.i586 /usr/src/linux

This leaves a mystery about the i686 arch though...

Sunday, August 9, 2009

Stuck on Nameserver configuration

The config infrastructure of named has changed somehow, so copying the files from F7 to F11 has no effect.

Dang

Wednesday, August 5, 2009

Fedora 11 Server

I'm configuring a new Fedora LDAP/Kerberos/BDC. I'm trying everything on a virtual machine from VMWare first. Here is some of what I had to do:

- When installing from the ISO, disable all packages, BUT DO use/enable the latest update repositories. Otherwise, installation may fail, or you may never get it configured correctly.

- Be ready to fix the selinux problems when you enable LDAP. You need at least:
semanage port -a -t ldap_port_t -p tcp 11562
semanage port -a -t ldap_port_t -p udp 11562
setsebool -P allow_polyinstantiation 1

- Remove rhgb from the kernel parameters in grub.conf