
Monday 21 October 2013

SETTING UP DYNAMIC DNS AND DHCP ON OPENBSD5.1



Setting Up DYNAMIC DNS and DHCP ON OPENBSD5.1

The purpose here is to build a combined DNS + DHCP machine where the DNS zones are automatically updated with the IP addresses allocated by the DHCP server.

For this purpose we first have to install ISC DHCP and replace the DHCP shipped by default, as the default one does not support automatic DNS updates.

Package adding


Now replace the shipped executables with the ISC ones by running the following commands:

#cd /sbin
#mkdir isc-dhcp-2.0
#mv dhclient isc-dhcp-2.0/
#mv dhclient-script isc-dhcp-2.0/
#mv /usr/local/sbin/dhclient-script dhclient-script
#mv /usr/local/sbin/dhclient dhclient
#cd /usr/sbin
#mkdir isc-dhcp-2.0
#mv dhcpd isc-dhcp-2.0/
#mv /usr/local/sbin/dhcpd dhcpd
#mv dhcrelay isc-dhcp-2.0/
#mv /usr/local/sbin/dhcrelay dhcrelay
#cd /usr/bin
#mv /usr/local/bin/omshell omshell
#cd /etc
#mkdir isc-dhcp-2.0
#mv dhclient.conf isc-dhcp-2.0/
#mv dhcpd.conf isc-dhcp-2.0/
#cp /usr/local/share/examples/isc-dhcp/dhclient.conf dhclient.conf
#cp /usr/local/share/examples/isc-dhcp/dhcpd.conf dhcpd.conf

Note: if some of the above commands give an error like "no such file" or similar, don't panic; just follow through and complete the process, and if you run into any error afterwards, check the logs.

Now generate the key and copy it to /var/named/etc/rndc.key. The secret shown below is only the value generated on this machine; use the one rndc-confgen produces for you and treat it as a secret, since it is what authorizes the dynamic zone updates configured later.

#rndc-confgen

#less /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "4XS+kgobLMI3WmmLWgmMsQ==";
};

Copy the above key and then run

#cp /etc/rndc.key /var/named/etc/rndc.key

Configuring the dhcpd.conf

/etc/dhcpd.conf

####################START####################################
authoritative;              # No other DHCP servers on this subnet
ddns-update-style interim;  # Supported update method for DDNS - see man dhcpd.conf
ignore client-updates;      # Overwrite client configured FQHNs
ddns-domainname "example.com.";
ddns-rev-domainname "in-addr.arpa.";
allow unknown-clients;

### This is the key we copied earlier (from /etc/rndc.key), pasted here. Use your own generated secret, not this example value.

key "rndc-key" {
        algorithm hmac-md5;
        secret "4XS+kgobLMI3WmmLWgmMsQ==";
};

zone example.com. {          # Forward zone to be updated
    primary 127.0.0.1;
    key rndc-key;
 }

zone 8.168.192.in-addr.arpa. { # Backward zone to be updated
    primary 127.0.0.1;
    key rndc-key;
 }

option subnet-mask 255.255.255.0;

default-lease-time 172800;

max-lease-time 1209600;


shared-network example {
subnet 192.168.8.0 netmask 255.255.255.0 {
range 192.168.8.40 192.168.8.250;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.8.255;
option routers 192.168.8.1;
option domain-name "example.com";
option domain-name-servers 192.168.8.1;
}
}

#############################END##############################

Here the DHCP server is configured for only a single subnet; one can add as many further networks as needed.
Setting up DNS Server

The following named.conf contains only the two zones that have to be updated according to the DHCP allotment; one can also have many other static zones, which are not updated dynamically and may have different domain names, as suits your setup.

Put the following in /var/named/etc/named.conf (the key block must carry the same secret as in dhcpd.conf, since that key is what authorizes dhcpd's updates to the two dynamic zones):

========================START=================================
// $OpenBSD: named-simple.conf,v 1.10 2009/11/02 21:12:56 jakob Exp $
//
// Example file for a simple named configuration, processing both
// recursive and authoritative queries using one cache.


// Update this list to include only the networks for which you want
// to execute recursive queries. The default setting allows all hosts
// on any IPv4 networks for which the system has an interface, and
// the IPv6 localhost address.
//
acl clients {
     localnets;
     ::1;
};

options {
     version "";     // remove this to allow version queries

     listen-on    { any; };
     listen-on-v6 { any; };

     empty-zones-enable yes;

     allow-recursion { clients; };
};

logging {
     category lame-servers { null; };
};

// Standard zones
//
zone "." {
     type hint;
     file "etc/root.hint";
};

zone "localhost" {
     type master;
     file "standard/localhost";
     allow-transfer { localhost; };
};

zone "127.in-addr.arpa" {
     type master;
     file "standard/loopback";
     allow-transfer { localhost; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
     type master;
     file "standard/loopback6.arpa";
     allow-transfer { localhost; };
};

### This is the key we copied earlier, also pasted here; it must match the key block in dhcpd.conf.

key "rndc-key" {
        algorithm hmac-md5;
        secret "4XS+kgobLMI3WmmLWgmMsQ==";
};

zone "example.com" IN {
     type master;
           file "master/example.com.zone";
           notify yes;
           allow-update { key "rndc-key";};
};

zone "8.168.192.in-addr.arpa" IN {
     type master;
        file "master/8.168.192.zone";
           notify yes;
        allow-update { key "rndc-key"; };
};

================================END============================

Put the following in /var/named/master/example.com.zone:

========================START=================================
$ORIGIN .
$TTL 86400 ; 1 day
example.com       IN SOA     example.com. root.example.com. (
                     2013034708 ; serial
                     10800      ; refresh (3 hours)
                     3600       ; retry (1 hour)
                     604800     ; expire (1 week)
                     86400      ; minimum (1 day)
                     )
                NS   ns1.example.com.
$ORIGIN example.com.
$TTL 3600  ; 1 hour
================================END============================

Put the following in /var/named/master/8.168.192.zone:

========================START=================================
$ORIGIN .
$TTL 86400 ; 1 day
8.168.192.in-addr.arpa     IN SOA     example.com. root.example.com. (
                     2013032774 ; serial
                     10800      ; refresh (3 hours)
                     3600       ; retry (1 hour)
                     604800     ; expire (1 week)
                     86400      ; minimum (1 day)
                     )
                NS   ns1.example.com.
$ORIGIN 8.168.192.in-addr.arpa.
$TTL 3600  ; 1 hour
================================END============================

Finally, change the ownership of the named directory:

#chown -R named:named /var/named/

And make dhcpd and named run at start-up.

Open /etc/rc.conf and search

dhcpd_flags=NO
to
dhcpd_flags=""

and

named_flags=NO
to
named_flags=""

Monday 11 March 2013

OpenBSD as LDAP Client


Making OpenBSD as a LDAP Client

install login_ldap package:

# pkg_add  login_ldap

After successfully installing the "login_ldap" package, open

# nano /etc/login.conf

and append the following lines at the end to make it authenticate via LDAP:
ldap:\
        :auth=-ldap:\
        :x-ldap-server=ip of ldap server,,:\
        :x-ldap-basedn=dc=your,dc=domain,dc=name:\
        :x-ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\
        :tc=default:

For details, see: man login_ldap

test it with:

# /usr/libexec/auth/login_ldap -d -s login LDAP_USER ldap

Provide an existing LDAP username in place of LDAP_USER; it will then ask for the password. Provide it and it will display some information, and at the very end it will show "user bind success", which means everything so far is working.

Now configuring YPLDAP
Since OpenBSD has good support for YP, using ypldap gives a smooth integration with the LDAP server.
use example in man: man ypldap.conf
configure it in

# nano /etc/ypldap.conf

you should have something like this (replace the bind DN and bindcred with your own values; note that bindcred is stored in this file in plain text):


# $OpenBSD: ypldap.conf,v 1.2 2011/08/28 11:53:16 aschrijver Exp $

domain          "your domain name"
interval        60
provide map     "passwd.byname"
provide map     "passwd.byuid"
provide map     "group.byname"
provide map     "group.bygid"

directory "ip of ldap server" {
        # directory options
        binddn "cn=root,dc=your,dc=domain,dc=name"
        bindcred "secret"
        basedn "dc=your,dc=domain,dc=name"

        # passwd maps configuration (RFC 2307 posixAccount object class)
        passwd filter "(objectClass=posixAccount)"

        attribute name maps to "uid"
        fixed attribute passwd "*"
        attribute uid maps to "uidNumber"
        attribute gid maps to "gidNumber"
        attribute gecos maps to "cn"
        attribute home maps to "homeDirectory"
        attribute shell maps to "loginShell"
        fixed attribute change "0"
        fixed attribute expire "0"
        fixed attribute class "ldap"

        # group maps configuration (RFC 2307 posixGroup object class)
        group filter "(objectClass=posixGroup)"

        attribute groupname maps to "cn"
        fixed attribute grouppasswd "*"
        attribute groupgid maps to "gidNumber"
        # memberUid returns multiple group members
        list groupmembers maps to "memberUid"
}


test it with:

# ypldap -dv

It should display the LDAP users and their information; if it does not, or you get an error, don't panic and just continue with the next steps.

Keep in mind that this setup does not use SSL/TLS, so the LDAP bind credentials and directory data cross the network in the clear.

Next setting ‘ypbind’ – create and maintain a binding to a YP server

add your domainname to /etc/defaultdomain

# echo 'yourdomainname' > /etc/defaultdomain
                             
The standard way to enable YP passwd support in /etc/master.passwd is to add the line: +:::::::::/bin/ksh

# nano /etc/master.passwd

At the very end add:

+:::::::::/bin/ksh

Now

# nano /etc/group

At the very end add:

+:::

Now update the master.passwd database:

# pwd_mkdb -p /etc/master.passwd

For automatic execution :

# nano /etc/rc

Search for ypldap; you should find it somewhere around line 414.

You will see something like this near ypldap. If we do not reorder it, ypbind will run before ypldap, which will hang the system at boot:


# Shipped ordering in /etc/rc: ypbind is started (inside the domainname check)
# before ypldap, so at that point ypbind has no YP server to bind to.
start_daemon portmap
if [ X"`domainname`" != X"" ]; then
        start_daemon ypserv ypbind yppasswdd
fi

start_daemon ypldap mountd nfsd lockd statd amd

make it look like this:

# ypldap is started before ypbind so that a YP server is already available
# when ypbind runs (see the ordering explanation above).
start_daemon portmap
start_daemon ypldap mountd nfsd lockd statd amd
if [ X"`domainname`" != X"" ]; then
        start_daemon ypserv ypbind yppasswdd
fi

In simple words, we are moving the line

“start_daemon ypldap mountd nfsd lockd statd amd”

before :
 “if [ X"`domainname`" != X"" ]; then
          start_daemon ypserv ypbind yppasswdd
   fi”

ypldap must be started before ypbind, and we also have to specify this order in /etc/rc.local:

# nano /etc/rc.local

# Start ypldap before ypbind so that ypbind has a YP server to bind to.
# NOTE(review): /etc/rc also runs "start_daemon ypldap" and, when a
# domainname is set, "start_daemon ... ypbind" - confirm that this block
# does not start both daemons a second time.
if [ X"${ypldap_flags}" != X"NO" ]; then
echo -n ' ypldap'; /usr/sbin/ypldap ${ypldap_flags} 1> /dev/null
echo -n ' ypbind'; ypbind
fi

And add the following to /etc/rc.conf.local:

# nano /etc/rc.conf.local

portmap=YES
ypldap_flags=""

Now the last and most important thing:

Reboot.
Good luck, guys.