Ye's Blog

cpuburn  测试cpu稳定性
sudo apt-get install cpuburn
burnP6 || echo $? &    几核就开几个

 
burnintest  拷机软件  免费试用30天

 
iptop 流量监控工具
sudo apt-get install iptop

 
流量监控工具iptraf (功能强大)
sudo apt-get install iptraf

1、下载最新版windide
2、下载破解Python脚本，下载地址http://pan.baidu.com/s/1mgE3g60

3、破解方法

1. 安装WingIDE成功后启动，激活时输入license id CN123-12345-12345-12345

 
2) 点击Continue后弹框，拷贝框中的request code（即图中的RW518这个代码）

3. 修改Python脚本中的Request Code为刚才得到的Request Code值，运行脚本后得到激活码，填入即可成功注册

以下只能通过科学上网后才能实现
1、安装docker

http://www.docker.org.cn/book/install/26\_install-docker-trusty-14.04.html
http://docker.widuu.com/

2、安装etcd

https://github.com/coreos/etcd/releases/

3、安装golang

https://golang.org/dl/
http://wiki.ubuntu.org.cn/Golang
http://www.linuxdiyf.com/linux/8790.html

4、安装单机kubernetes

http://kubernetes.io/v1.0/docs/getting-started-guides/docker.html

https://github.com/kubernetes/kubernetes/releases

https://www.ustack.com/blog/kubernetes1/
http://blog.csdn.net/zhang\_\_jiayu/article/details/42745507
http://kubernetes.io/v1.0/

安装docker

curl -sSL https://get.docker.com/ | sh
sudo usermod -aG docker ywz

安装etcd

sudo nano /etc/environment

加入/opt/bin

mkdir /opt/bin curl -L https://github.com/coreos/etcd/releases/download/v2.2.1/etcd-v2.2.1-linux-amd64.tar.gz -o etcd-v2.2.1-linux-amd64.tar.gz
tar xzvf etcd-v2.2.1-linux-amd64.tar.gz
cd etcd-v2.2.1-linux-amd64 cp ./etcd /opt/bin

安装go语言

sudo add-apt-repository ppa:evarlast/golang1.5
sudo apt-get update
sudo apt-get install golang

安装单机kubernetes

wget https://github.com/kubernetes/kubernetes/releases/download/v1.2.0-alpha.2/kubernetes.tar.gz
tar -xvf  kubernetes.tar.gz
cd ~/kubernetes
安装客户端

sudo cp -a ./platforms/linux/amd64/kubectl /usr/bin

安装服务端

cd ~/kubernetes/server
tar -xvf kubernetes-server-linux-amd64.tar.gz
sudo cp -a ~/kubernetes/server/kubernetes/server/bin/* /opt/bin
cd ~/kubernetes/cluster/ubuntu/master
sudo cp ./init_scripts/* /etc/init.d/
sudo cp ./init_conf/* /etc/init/

安装upstart脚本

cd ~/kubernetes/cluster/ubuntu
sudo ./util.sh

验证 kubectl version

1、下载镜像并安装

https://wiki.freebsd.org/FreeBSD/arm/Raspberry%20Pi
http://raspbsd.org/raspberrypi.html

写入SD卡即可

2、freebsd基础配置

http://www.bigsea.com.cn/archives/1393/
1、使用root账号ssh登陆

ee /etc/ssh/sshd_config
加入
PermitRootLogin yes

2、设置静态路由

ee /etc/rc.conf
ifconfig_ue0=”inet 192.168.3.22 netmask 255.255.255.0”
defaultrouter=”192.168.3.1”

3、设置时间

cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo ‘ntpd_enable=”YES”‘ >> /etc/rc.conf
service ntpd start

4、设置swap分区

dd if=/dev/zero of=/usr/swap0 bs=1m count=128
chmod 0600 /usr/swap0
echo ‘md99 none swap sw,file=/usr/swap0 0 0’ >> /etc/fstab
swapon -aq

5、安装pkg install   (万年Operation timed out，没成功过T_T)

1. First install pkg by pkg-static.
    # fetch http://www.peach.ne.jp/archives/rpi/ports/rpi2/pkg-static
    # chmod 755 pkg-static
    # ./pkg-static add http://www.peach.ne.jp/archives/rpi/ports/rpi2/pkg.txz

2. Disable default repo by FreeBSD.conf.
    # mkdir -p /usr/local/etc/pkg/repos
    # echo “FreeBSD: { enabled: no }” > /usr/local/etc/pkg/repos/FreeBSD.conf

3. Install following rpi2.conf:
    # fetch http://www.peach.ne.jp/archives/rpi/rpi2.conf
    # mv rpi2.conf /usr/local/etc/pkg/repos
    # pkg update

用host -t srv _http._tcp.pkg.freebsd.org 得到的地址更新也是莫有用

wget https://github.com/houtianze/bypy/archive/master.zip

unzip master.zip -d bypy

cd bypy

sudo apt-get install python-pip

sudo pip install requests

sudo bypy.py info

出现网址

 打开网页，输入网址，出现授权码

 粘贴到终端里，然后按enter

搞定

参考：

https://github.com/houtianze/bypy

http://tieba.baidu.com/p/3439470932

2016.02.16
已改用OpenMediaVault。其他还有nas4free。这两个都可以在树莓派1代上运行，很不错。
xware自动启动

新建脚本(下面有)
sudo update-rc.d xunlei.sh defaults

选用archlinux是因为它支持树莓派B+。而且是字符界面也比较适合树莓派B+

1、安装

http://archlinuxarm.org/platforms/armv6/raspberry-pi

分2个区，一个作boot目录，一个作root目录，然后下载解压就算制作好了

fat32  100M

ext4    其余

wget http://archlinuxarm.org/os/ArchLinuxARM-rpi-latest.tar.gz

bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root

sync

mv root/boot/* boot

默认账号有2个，root和alarm

2、基础设置

http://hugozhu.myalert.info/2013/03/09/setup-archliunx-on-raspberry-pi.html

https://wiki.archlinux.org/index.php/Systemd-networkd
更改时区

cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

设置静态地址
/etc/systemd/network/eth0.network

[Match]
Name=eth0

[Network]
#DHCP=yes
Address = 192.168.3.13/24
Gateway = 192.168.3.1

添加源

nano /etc/pacman.d/mirrorlist

Server = https://mirrors.ustc.edu.cn/archlinuxarm/$arch/$repo

更新源 pacman -Syy

添加用户

useradd ywz

passwd ywz

mkdir /home/ywz

chown ywz:ywz /home/ywz  

pacman -S sudo

visudo

ywz ALL=(ALL) NOPASSWD: ALL

设置无线网络
http://hugozhu.myalert.info/2013/03/09/setup-archliunx-on-raspberry-pi.html
https://wiki.archlinux.org/index.php/Wireless\_network\_configuration\_%28%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87%29

查看设备状况
dmesg | grep usbcore

registered new interface driver rtl8192cu

查看设备名
ls /sys/class/net

eth0  lo  wlan0

启用无线设备

ip link set wlan0 up

由于我用的是免驱的8188cus，所以不用安装驱动了。
其他网卡可以这么操作 如：pacman -S dkms-8188eu
连接无线网络

pacman -S wireless_tools 

会提示你安装其他相关插件，一起装了

wifi-menu

会产生一个配置文件(我的命名为Leaf)，放在/etc/netctl下面

编辑配置文件

Description=’A simple WPA encrypted wireless connection using a static IP’
Interface=wlan0
Connection=wireless
Security=wpa
ESSID=’Leaf’
Key=’zane1984#’
IP=static
Address=’192.168.3.22/24’
Gateway=’192.168.3.1’
DNS=(‘192.168.3.1’)
# Uncomment this if your ssid is hidden
Hidden=yes

配置文件是从/etc/netctl/examples/wireless-wpa-static 复制过来的
设置自启动

netctl enable Leaf

挂在移动硬盘

lsblk -o name,kname,uuid

mkdir /home/ywz/download
mount /dev/sdc /home/ywz/download

nano /etc/fstab

UUID=2db5ecf6-c374-4724-a27b-662b304f82a6       /home/ywz/download        ext4    defaults,noatime  0       0

3、安装samba，ntp

pacman -S samba ntp

mv /etc/samba/smb.conf{,-orig}

nano /etc/samba/smb.conf

[global]

    workgroup = WORKGROUP

    security = user

    guest account = ywz

    map to guest = bad user

    wins support = yes

    log level = 1

    max log size = 1000

[download]

    path = /home/ywz/download

    read only = no

    force user = ywz

    force group = ywz

    guest ok = yes

开机启动              systemctl enable smbd.service

添加samba用户  smbpasswd -a ywz

4、安装迅雷远程

http://dl.lazyzhu.com/file/Thunder/Xware/1.0.31/

http://lilin.hn.cn/2014102710272.html

http://www.linuxidc.com/Linux/2013-05/84748.htm

wget http://dl.lazyzhu.com/file/Thunder/Xware/1.0.31/Xware1.0.31\_armel\_v5te\_glibc.zip

pacman -S zip unzip

unzip Xware1.0.31_armel_v5te_glibc.zip -d xware

mv xware /opt/xware

./opt/xware/portal   会出来一个代码

打开 http://yuancheng.xunlei.com/ 后点添加，输入激活码即可

开机启动

nano /opt/xware/xunlei

#!/bin/sh

#

# Xunlei initscript

#

### BEGIN INIT INFO

# Provides:          xunlei

# Required-Start:    $network $local_fs $remote_fs

# Required-Stop::    $network $local_fs $remote_fs

# Should-Start:      $all

# Should-Stop:       $all

# Default-Start:     2 3 4 5

# Default-Stop:      0 1 6

# Short-Description: Start xunlei at boot time

# Description:       A downloader

### END INIT INFO

do_start()

{

        ./opt/xware/portal

}

do_stop()

{

        ./opt/xware/portal -s

}

case “$1” in

  start)

    do_start

    ;;

  stop)

    do_stop

    ;;

esac

nano /usr/lib/systemd/system/xunlei.service

[Unit]

Description=xunlei

ConditionPathExists=/opt/xware/xunlei

[Service]

Type=forking

ExecStart=/opt/xware/xunlei start

TimeoutSec=0

StandardOutput=tty

RemainAfterExit=yes

SysVStartPriority=99

[Install]
WantedBy=multi-user.target

systemctl enable xunlei.service  添加开机启动命令

systemctl status xunlei.service   可查看运行状况

5、aria2

https://wiki.archlinux.org/index.php/Aria2

http://aria2c.com/usage.html

http://www.eeboard.com/bbs/thread-22086-1-1.html

http://godloong.com/RaspberryPi/raspberrypi-nas-samba-baiduyun.html

http://blog.binux.me/2012/12/aria2-examples/

https://www.librehat.com/aria2-camouflage-utorrent-pt-download/
http://phpquan.com/arm/raspberry-pi-aria2-yaaw-downloader/

pacman -S aria2 nginx git

开机启动 systemctl enabel nginx    

安装Yaaw

cd /usr/share/nginx          

rm -rf html

git clone https://github.com/binux/yaaw.git     /usr/share/nginx/html/

配置aria2

mkdir /home/ywz/.aria2
cd /home/ywz/.aria2
touch aria2.conf    aria2.session    log.log
nano aria2.conf

####http://aria2c.com/usage.html####
enable-rpc=true
rpc-allow-origin-all=true
rpc-listen-all=true
rpc-secret=secret

bt-max-peers=96
listen-port=25236
enable-dht=false
enable-dht6=false
bt-enable-lpd=false
enable-peer-exchange=false
user-agent=uTorrent/341(109279400)(30888)
peer-id-prefix=-UT341-
seed-ratio=1.0
force-save=true
bt-hash-check-seed=true
bt-seed-unverified=true
bt-save-metadata=true

dir=/home/ywz/download
file-allocation=none
continue=true

max-concurrent-downloads=3
max-connection-per-server=5
split=5
disable-ipv6=true

input-file=/home/ywz/.aria2/aria2.session
save-session=/home/ywz/.aria2/aria2.session
log=/home/ywz/.aria2/log.log
log-level=warn

验证配置文件

aria2c –conf-path=/home/ywz/.aria2/aria2.conf

开机启动

https://github.com/GutenYe/systemd-units/tree/master/aria2 sudo nano /usr/lib/systemd/system/aria2.service

[Unit]
Description=Aria2 User Service by %u
After=network.target

[Service]
ExecStart=/usr/bin/aria2c –enable-rpc –rpc-listen-all –rpc-allow-origin-all –save-session /home/ywz/.aria2/aria2.session –input-file /home/ywz/.aria2/aria2.session –conf-path=/home/ywz/.aria2/aria2.conf

[Install]
WantedBy=default.target

sudo systemctl enable aria2.service

其他还支持百度网盘，旋风离线，迅雷离线。

http://token:secret@192.168.3.101:6800/jsonrpc

安装yaourt

https://wiki.archlinux.org/index.php/Yaourt\_%28%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87%29
pacman -S base-devel fakeroot sudo
安装 package-query

wget https://aur.archlinux.org/cgit/aur.git/snapshot/package-query.tar.gz
tar zxvf package-query.tar.gz
cd package-query

makepkg -si

安装 yaourt

wget https://aur.archlinux.org/cgit/aur.git/snapshot/yaourt.tar.gz
tar zxvf yaourt.tar.gz
cd yaourt
makepkg -si

安装monitorix

https://wiki.archlinux.org/index.php/Monitorix
https://linux.cn/article-3171-1.html
http://www.monitorix.org/documentation.html#3

yaourt monitorix  
或者

wget https://aur.archlinux.org/cgit/aur.git/snapshot/monitorix.tar.gz
tar zxvf monitorix.tar.gz
cd monitorix
makepkg -si

配置
/etc/monitorix/monitorix.conf

<httpd_builtin>
enabled = y

/etc/nginx/nginx.conf

server {
    listen       80;
    server_name  your.domain.com;

    location / {
       proxy_pass http://127.0.0.1:8080/;
       proxy_buffering off;
    }

    location ~ ^/monitorix/(.+\.png)$ {
        alias /srv/http/monitorix/$1;
    }
}

添加自启动
sudo su
systemctl enable monitorix.service

http://192.168.3.13:8080/monitorix

DLNA

pacman -S minidlna

nano /etc/minidlna

media_dir=/home/ywz/download

media_dir=A,/home/ywz/download

media_dir=P,/home/ywz/download

media_dir=V,/home/ywz/download

alsi

yaourt alsi

参考：

http://blogging.dragon.org.uk/samba4-ad-dc-on-ubuntu-14-04/
https://wiki.samba.org/index.php/DNS\_Backend\_BIND
http://blog.163.com/ywz\_306/blog/static/1325771120158137124386/

思路：

首先把bind_dlz，ntp，(openldap)等都设置好，
然后安装samba，
最后配置samba的时候把bind_dlz,openldap都带上即可

环境

服务器OS：UBUNTU14.04
服务器主机名：bind9
域：leaf.org
完整名字：bind9.leaf.org
mysql密码：123456
db名字：bind9dlz
服务器IP：192.168.122.41
网关：192.168.122.1

服务器名称及IP地址设置

cat /etc/hostname

bind9.leaf.org

cat /etc/hosts

127.0.0.1    bind9.leaf.org   bind9

cat /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.122.41
    netmask 255.255.255.0
    gateway 192.168.122.1
    dns-nameservers 192.168.122.41 192.168.122.1 #bind配置完后把122.1去掉
    dns-search leaf.org

sudo reboot

一、BIND9_DLZ

http://blog.163.com/ywz\_306/blog/static/1325771120158137124386/

二、安装NTP服务

sudo apt-get install ntp

三、安装samba4

安装软件包
sudo apt-get install samba smbclient build-essential libacl1-dev libattr1-dev \ libblkid-dev libgnutls-dev libreadline-dev python-dev libpam0g-dev \ python-dnspython gdb pkg-config libpopt-dev libldap2-dev \ dnsutils libbsd-dev krb5-user docbook-xsl libcups2-dev ldb-tools

Kerberos设置的时候会跳出设置，依次是

Configuring Kerberos Authentication: LEAF.ORG
hostname of Kerberos servers in the BLACK.DRAGON.LAB: bind9
hostname of the Administrative (password changing) servers: bind9

配置
1、先移除原有smb.conf
sudo mv /etc/samba/smb.conf{,-orig}
sudo samba-tool domain provision –use-rfc2307 –interactive

Realm: LEAF.ORG
Domain: LEAF
Server Role: dc
DNS Backend: BIND_DLZ

配置/etc/samba/smb.conf

[global]里面加入

allow dns updates = nonsecure and secure
dns forwarder = 192.168.122.41

配置/var/lib/samba/private/named.conf

named -V
可以看到bind版本号为 BIND 9.9.5-3ubuntu0.5-Ubuntu

然后更改/var/lib/samba/private/named.conf
把9.8注销掉，启用9.9

dlz “AD DNS Zone” {
    # For BIND 9.8.0
   # database “dlopen /usr/lib/i386-linux-gnu/samba/bind9/dlz_bind9.so”;

    # For BIND 9.9.0
     database “dlopen /usr/lib/i386-linux-gnu/samba/bind9/dlz_bind9_9.so”;
};

配置/etc/bind/named.conf.options

options{}里面加入
tkey-gssapi-keytab “/var/lib/samba/private/dns.keytab”;

配置/etc/bind/named.conf

第二行加入include “/var/lib/samba/private/named.conf”;

配置权限sudo nano /etc/apparmor.d/usr.sbin.named

/usr/lib/i386-linux-gnu/ldb/** rwmk,
/usr/lib/i386-linux-gnu/samba/** rwmk,
/var/lib/samba/private/dns/** rwmk,
/var/lib/samba/private/named.conf r,
/var/lib/samba/private/dns.keytab r,
/var/tmp/* rw,
/dev/urandom rw,

sudo service apparmor reload

更改dns.keytab权限
sudo chgrp bind /var/lib/samba/private/dns.keytab
sudo chmod g+r /var/lib/samba/private/dns.keytab

删除/etc/bind/named.conf.local下的dlz全部内容。

sudo reboot。
至此，全部配完。

三、碰到的问题

检查bind问题

named -d 3 -f -g
named-checkconf

问题1：

open /var/lib/samba/private/named.conf permission denied

在/etc/apparmor.d/usr.sbin.named 加入以下内容
或者/etc/apparmor.d/local/usr.sbin.named加入以下内容

/usr/lib/i386-linux-gnu/ldb/** rwmk,
/usr/lib/i386-linux-gnu/samba/** rwmk,
/var/lib/samba/private/dns/** rwmk,
/var/lib/samba/private/named.conf r,
/var/lib/samba/private/dns.keytab r,
/var/tmp/* rw,
/dev/urandom rw,

sudo service apparmor reload

问题2：
‘dlz’ redefined near ‘dlz’

把原先加在nano /etc/bind/named.conf.local下的dlz全部删除即可

四、测试

smbclient -L localhost -U%

Domain=[LEAF] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]

    Sharename       Type      Comment
    ———       —-      ——-
    netlogon        Disk     
    sysvol          Disk     
    IPC$            IPC       IPC Service (Samba 4.1.6-Ubuntu)
Domain=[LEAF] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]

    Server               Comment
    ———            ——-

    Workgroup            Master
    ———            ——-
    WORKGROUP            BIND9

ywz@bind9:/var/log$ smbclient //localhost/netlogon -UAdministrator -c ‘ls’

Enter Administrator’s password:
Domain=[LEAF] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
  .                                   D        0  Tue Sep 15 17:42:22 2015
  ..                                  D        0  Tue Sep 15 17:42:31 2015

        60333 blocks of size 131072. 43559 blocks available

ywz@bind9:/var/log$ host -t SRV _ldap._tcp.leaf.org.

_ldap._tcp.leaf.org has SRV record 0 100 389 bind9.leaf.org.

ywz@bind9:/var/log$ host -t SRV _kerberos._udp.leaf.org.

_kerberos._udp.leaf.org has SRV record 0 100 88 bind9.leaf.org.

ywz@bind9:/var/log$ host -t A bind9.leaf.org.

bind9.leaf.org has address 192.168.122.41

ywz@bind9:/var/log$ kinit administrator

Password for administrator@LEAF.ORG:
Warning: Your password will expire in 41 days on Tue 27 Oct 2015 05:42:29 PM CST

ywz@bind9:/var/log$ klist

Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administrator@LEAF.ORG

Valid starting       Expires              Service principal
09/16/2015 10:02:07  09/16/2015 20:02:07  krbtgt/LEAF.ORG@LEAF.ORG
    renew until 09/17/2015 10:02:03

ywz@bind9:/var/log$ samba-tool dns query bind9 LEAF.ORG @ ALL

  Name=, Records=3, Children=0
    SOA: serial=1, refresh=900, retry=600, expire=86400, minttl=0, ns=bind9.leaf.org., email=hostmaster.leaf.org. (flags=600000f0, serial=1, ttl=3600)
    NS: bind9.leaf.org. (flags=600000f0, serial=1, ttl=900)
    A: 192.168.122.41 (flags=600000f0, serial=1, ttl=900)
  Name=_msdcs, Records=0, Children=0
  Name=_sites, Records=0, Children=1
  Name=_tcp, Records=0, Children=4
  Name=_udp, Records=0, Children=2
  Name=bind9, Records=1, Children=0
    A: 192.168.122.41 (flags=f0, serial=1, ttl=900)
  Name=DomainDnsZones, Records=0, Children=2
  Name=ForestDnsZones, Records=0, Children=2

ywz@bind9:/var/log$ ping www.baidu.com

PING www.a.shifen.com (103.235.46.39) 56(84) bytes of data.
^C64 bytes from 103.235.46.39: icmp_seq=1 ttl=49 time=420 ms

-– www.a.shifen.com ping statistics —
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 420.071/420.071/420.071/0.000 ms

参考：

http://ubuntuforums.org/showthread.php?t=823578
http://ubuntuforums.org/showthread.php?p=11380598
http://bind-dlz.sourceforge.net/

环境

服务器OS：UBUNTU14.04
服务器主机名：bind9
域：leaf.org
完整名字：bind9.leaf.org
mysql密码：123456
db名字：bind9dlz
服务器IP：192.168.122.41
网关：192.168.122.1

服务器名称及IP地址设置

cat /etc/hostname

bind9.leaf.org

cat /etc/hosts

127.0.0.1    bind9.leaf.org   bind9

cat /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.122.41
    netmask 255.255.255.0
    gateway 192.168.122.1
    dns-nameservers 192.168.122.41 192.168.122.1
    dns-search leaf.org

sudo reboot

1、安装带dlz功能的bind9

sudo su
apt-get install bind9
apt-get install bind9utils
apt-get remove bind9
apt-get build-dep bind9
apt-get install fakeroot
mkdir /home/ywz/bind9
cd /home/ywz/bind9
apt-get source bind9
apt-get install libpq-dev
apt-get install libmysqlclient-dev
apt-get install unixodbc unixodbc-dev
apt-get install mysql-server mysql-client

nano /home/ywz/bind9/bind9-9.9.5.dfsg/debian/rules

在configure-stamp:下面加入    –with-dlz-mysql \

然后制作软件包 dpkg-buildpackage -rfakeroot -b

然后安装：dpkg -i *.deb

bind9配置

nano /etc/bind/named.conf.options
加入

forwarders {

192.168.122.41；
192.168.122.1；

};

nano /etc/bind/named.conf.local
加入
dlz “Mysql zone” {
  database “mysql
   {host=127.0.0.1 dbname=bind9dlz user=root pass=123456}
   {select zone from dns_records where zone = ‘$zone$’}
   {select ttl, type, mx_priority, case when lower(type)=’txt’ then concat(‘\“‘, data, ‘\“‘) when lower(type) = ‘soa’ then concat_ws(‘ ‘, data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = ‘$zone$’ and host = ‘$record$’}”;
};
或者
dlz “Mysql zone” {
   database “mysql
   {host=127.0.0.1 dbname=bind9dlz user=root pass=123456}
   {select zone from dns_records where zone = ‘$zone$’}
   {select ttl, type, mx_priority, case when lower(type)=’txt’ then concat(‘\“‘, data, ‘\“‘)
        when lower(type) = ‘soa’ then concat_ws(‘ ‘, data, resp_person, serial, refresh, retry, expire, minimum)
        else data end from dns_records where zone = ‘$zone$’ and host = ‘$record$’}
   {}
   {select ttl, type, host, mx_priority, case when lower(type)=’txt’ then
        concat(‘\“‘, data, ‘\“‘) else data end, resp_person, serial, refresh, retry, expire,
        minimum from dns_records where zone = ‘$zone$’}
   {select zone from xfr_table where zone = ‘$zone$’ and client = ‘$client$’}”;
};

mysql配置

mysql -u root -p
#建数据库
create database bind9dlz;
grant all privileges on bind9dlz.* to root@localhost identified by ‘123456’;
#建表
use bind9dlz;

CREATE TABLE `dns_records` (
  `id` int(11) NOT NULL auto_increment,
  `zone` varchar(64) default NULL,
  `host` varchar(64) default NULL,
  `type` varchar(8) default NULL,
  `data` varchar(64) default NULL,
  `ttl` int(11) NOT NULL default ‘3600’,
  `mx_priority` int(11) default NULL,
  `refresh` int(11) NOT NULL default ‘3600’,
  `retry` int(11) NOT NULL default ‘3600’,
  `expire` int(11) NOT NULL default ‘86400’,
  `minimum` int(11) NOT NULL default ‘3600’,
  `serial` bigint(20) NOT NULL default ‘2008082700’,
  `resp_person` varchar(64) NOT NULL default ‘ywz@163.com’,
  `primary_ns` varchar(64) NOT NULL default ‘bind9.leaf.org’,
  `data_count` int(11) NOT NULL default ‘0’,
  PRIMARY KEY  (`id`),
  KEY `host` (`host`),
  KEY `zone` (`zone`),
  KEY `type` (`type`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

#写入DNS记录 insert开头这四句
// for www.leaf.org to resolve to 192.168.122.41
insert into dns_records (zone, host, type, data, mx_priority) values (‘leaf.org’, ‘www’, ‘A’, ‘192.168.122.41’, null);

// for leaf.org to resolve to 192.168.122.41
insert into dns_records (zone, host, type, data, mx_priority) values (‘leaf.org’, ‘@’, ‘A’, ‘192.168.122.41’, null);

// for bind9.leaf.org to alias to www.leaf.org
// note the trailing period in the data field
insert into dns_records (zone, host, type, data, mx_priority) values (‘leaf.org’, ‘bing9’, ‘CNAME’, ‘www.leaf.org.', null);

// for mail for leaf.org to go to leaf.org
// note the trailing period in the data field
insert into dns_records (zone, host, type, data, mx_priority) values (‘leaf.org’, ‘@’, ‘MX’, ‘leaf.org.’, ‘0’);

insert into dns_records (zone, host, type, data, mx_priority) values (‘leaf.org’, ‘@’, ‘SOA’, ‘192.168.122.41’, 10800);
insert into dns_records (zone, host, type, data, mx_priority) values (‘leaf.org’, ‘@’, ‘NS’, ‘192.168.122.41’, null);

quit

验证

sudo /etc/init.d/bind9 start

dig @192.168.122.41 leaf.org

参考：
https://wiki.samba.org/index.php/Samba4/HOWTO/Join\_a\_domain\_as\_a\_DC
https://wiki.samba.org/index.php/Check\_and\_fix\_DNS\_entries\_on\_DC\_joins

环境：

服务器OS1：UBUNTU14.04
服务器主机名：sambadc
域：ye.org
完整名字：sambadc.ye.org
NETBIOS名：YE
域控管理员密码：Password0
服务器IP：192.168.122.30
网关：192.168.122.1

服务器OS2：UBUNTU14.04
服务器主机名：sambabdc
域：ye.org
完整名字：sambabdc.ye.org
NETBIOS名：YE
域控管理员密码：Password0
服务器IP：192.168.122.31
网关：192.168.122.1

服务器OS2及IP地址设置

cat /etc/hostname

sambabdc.ye.org

cat /etc/hosts

127.0.0.1       localhost.localdomain    localhost
192.168.122.31    sambabdc.ye.org    sambabdc

cat /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static

    address 192.168.122.31

    netmask 255.255.255.0
    gateway 192.168.122.1
    dns-nameservers 192.168.122.30
    dns-search ye.org

sudo reboot

测试dns设置：host -t -A sambadc.ye.org

安装samba

sudo apt-get install samba smbclient python-dev

安装Kerberos

sudo apt-get install krb5-user
sudo nano /etc/krb5.conf

[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = YE.ORG

kinit administrator
    Password for administrator@YE.ORG:
    Warning: Your password will expire in 41 days on Wed 21 Oct 2015 09:29:26 PM CST
klist
    Ticket cache: FILE:/tmp/krb5cc_1000
    Default principal: administrator@YE.ORG

    Valid starting       Expires              Service principal
    09/09/2015 23:44:49  09/10/2015 09:44:49  krbtgt/YE.ORG@YE.ORG
        renew until 09/10/2015 23:44:44

加入域

sudo su
mv /etc/samba/smb.conf /etc/samba/smb.conf-orig
samba-tool domain join ye.org DC -Uadministrator –realm=ye.org –dns-backend=SAMBA_INTERNAL

检查DNS条目

加host记录
测试：
host -t -A sambabdc.ye.org.

会出现 Host sambabdc.ye.org. not found: 3(NXDOMAIN) 之类的提示

加入：
samba-tool dns add SAMBADC ye.org SAMBABDC A 192.168.122.31 -Uadministrator

Password for [SAMDOM\administrator]: Password0
Record added successfully

加CNAME记录
sudo su
ldbsearch -H /var/lib/samba/private/sam.ldb ‘(invocationId=*)’ –cross-ncs objectguid

# record 1
dn: CN=NTDS Settings,CN=SAMBABDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ye,DC=org
objectGUID: 619eabd6-9d28-42d1-8a2f-d11ffacfa948

# record 2
dn: CN=NTDS Settings,CN=SAMBADC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ye,DC=org
objectGUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6

# returned 2 records
# 2 entries
# 0 referrals

测试：
host -t CNAME 619eabd6-9d28-42d1-8a2f-d11ffacfa948._msdcs.ye.org.

Host 619eabd6-9d28-42d1-8a2f-d11ffacfa948._msdcs.ye.org. not found: 3(NXDOMAIN)

加入：
samba-tool dns add SAMBADC _msdcs.ye.org 619eabd6-9d28-42d1-8a2f-d11ffacfa948 CNAME SAMBABDC.ye.org -Uadministrator

Password for [SAMDOM\administrator]: passw0rd
Record added successfully

目录复制
samba-tool drs showrepl

Default-First-Site-Name\SAMBABDC
DSA Options: 0x00000001
DSA object GUID: 619eabd6-9d28-42d1-8a2f-d11ffacfa948
DSA invocationId: 5d417388-c68d-4784-8aa4-167c9a40a5b4

==== INBOUND NEIGHBORS ====

DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ Fri Sep 11 11:41:05 2015 CST was successful
        0 consecutive failure(s).
        Last success @ Fri Sep 11 11:41:05 2015 CST

CN=Configuration,DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ Fri Sep 11 11:41:06 2015 CST was successful
        0 consecutive failure(s).
        Last success @ Fri Sep 11 11:41:06 2015 CST

DC=ForestDnsZones,DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ Fri Sep 11 11:41:05 2015 CST was successful
        0 consecutive failure(s).
        Last success @ Fri Sep 11 11:41:05 2015 CST

CN=Schema,CN=Configuration,DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ Fri Sep 11 11:41:06 2015 CST was successful
        0 consecutive failure(s).
        Last success @ Fri Sep 11 11:41:06 2015 CST

DC=DomainDnsZones,DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ Fri Sep 11 11:41:05 2015 CST was successful
        0 consecutive failure(s).
        Last success @ Fri Sep 11 11:41:05 2015 CST

==== OUTBOUND NEIGHBORS ====

DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=ForestDnsZones,DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=DomainDnsZones,DC=ye,DC=org
    Default-First-Site-Name\SAMBADC via RPC
        DSA object GUID: f2de8425-5a1d-4e27-92ea-705b1039bbe6
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection –
    Connection name: 435389c9-22f8-4ae0-aa1b-046cc684cb40
    Enabled        : TRUE
    Server DNS name : sambadc.ye.org
    Server DN name  : CN=NTDS Settings,CN=SAMBADC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ye,DC=org
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!

更新DNS设置

/etc/network/interfaces on SAMBABDC
nameserver 192.168.122.30
nameserver 127.0.0.1
search ye.org
 
/etc/network/interfaces on SAMBADC
nameserver 192.168.122.31
nameserver 127.0.0.1
search ye.org

域控管理

参考

https://wiki.samba.org/index.php/Samba\_AD\_DC\_HOWTO
http://www.jadota.com/2013/01/installing-samba4-on-ubuntu-12-04/

环境：

服务器OS：UBUNTU14.04

服务器主机名：sambadc
域：ye.org
完整名字：sambadc.ye.org
NETBIOS名：YE
域控管理员密码：Password0
服务器IP：192.168.122.30
网关：192.168.122.1

客户端OS：winxp

192.168.122.110
255.255.255.0
192.168.122.1
-————————
192.168.122.30

管理端OS：win2003，win7

服务器名称及IP地址设置

cat /etc/hostname

sambadc.ye.org

cat /etc/hosts

127.0.0.1    sambadc.ye.org    sambadc

cat /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.122.30
    netmask 255.255.255.0
    gateway 192.168.122.1
    dns-nameservers 192.168.122.30 192.168.122.1
    dns-search ye.org

sudo reboot

安装OPENSSH

sudo apt-get update
sudo apt-get install openssh-server

sudo reboot

安装NTP

http://chenpeng.info/html/241

sudo apt-get install ntp

安装SAMBA

sudo apt-get install build-essential libacl1-dev python-dev libldap2-dev pkg-config gdb libgnutls-dev libblkid-dev libreadline-dev libattr1-dev python-dnspython libpopt-dev libbsd-dev attr docbook-xsl libcups2-dev git      #只需要安装python-dev就可以，方便期间全部安装
sudo apt-get instajll samba
samba -V

Version 4.1.6-Ubuntu #查询samba版本号

sudo reboot

配置SAMBA

sudo mv /etc/samba/smb.conf    /etc/samba/smb.conf-orig

sudo su

samba-tool domain provision –use-rfc2307 –interactive

Realm: YE.ORG
Domain [YE]: YE
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write ‘none’ to disable forwarding) [192.168.122.30]: 192.168.122.1
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=ye,DC=org
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=ye,DC=org
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              sambadc
NetBIOS Domain:        YE
DNS Domain:            ye.org
DOMAIN SID:            S-1-5-21-3720594679-4085702030-3410277671

sudo nano  /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.122.30
    netmask 255.255.255.0
    gateway 192.168.122.1
    dns-nameservers 192.168.122.30
    dns-search ye.org

sudo reboot

验证SAMBA

sudo apt-get install smbclient
smbclient -L localhost -U%

Domain=[YE] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]

    Sharename       Type      Comment
    ———       —-      ——-
    netlogon        Disk     
    sysvol          Disk     
    IPC$            IPC       IPC Service (Samba 4.1.6-Ubuntu)
Domain=[YE] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]

    Server               Comment
    ———            ——-

    Workgroup            Master
    ———            ——-
    WORKGROUP            SAMBA

smbclient //localhost/netlogon -U ‘administrator’

Enter administrator’s password:
Domain=[YE] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
smb: \> ls
  .                                   D        0  Wed Sep  9 21:29:19 2015
  ..                                  D        0  Wed Sep  9 21:29:27 2015

        60333 blocks of size 131072. 46075 blocks available

测试DNS

host -t SRV _ldap._tcp.ye.org.

_ldap._tcp.ye.org has SRV record 0 100 389 sambadc.ye.org.

host -t SRV _kerberos._udp.ye.org.

_kerberos._udp.ye.org has SRV record 0 100 88 sambadc.ye.org.

host -t A sambadc.ye.org.

sambadc.ye.org has address 192.168.122.30

安装Kerberos

sudo apt-get install krb5-user
kinit administrator
    Password for administrator@YE.ORG:
    Warning: Your password will expire in 41 days on Wed 21 Oct 2015 09:29:26 PM CST
klist
    Ticket cache: FILE:/tmp/krb5cc_1000
    Default principal: administrator@YE.ORG

    Valid starting       Expires              Service principal
    09/09/2015 23:44:49  09/10/2015 09:44:49  krbtgt/YE.ORG@YE.ORG
        renew until 09/10/2015 23:44:44

查看SAMBA配置文件

samba -b
Samba version: 4.1.6-Ubuntu
Build environment:
   Build host:  Linux lgw01-45 3.19.0-25-generic #26~14.04.1-Ubuntu SMP Fri Jul 24 21:16:20 UTC 2015 i686 i686 i686 GNU/Linux
Paths:
   BINDIR: /usr/bin
   SBINDIR: /usr/sbin
   CONFIGFILE: /etc/samba/smb.conf
   NCALRPCDIR: /var/run/samba/ncalrpc
   LOGFILEBASE: /var/log/samba
   LMHOSTSFILE: /etc/samba/lmhosts
   DATADIR: /usr/share
   MODULESDIR: /usr/lib/i386-linux-gnu/samba
   LOCKDIR: /var/run/samba
   STATEDIR: /var/lib/samba
   CACHEDIR: /var/cache/samba
   PIDDIR: /var/run/samba
PRIVATE_DIR: /var/lib/samba/private
   CODEPAGEDIR: /usr/share/samba/codepages
   SETUPDIR: /usr/share/samba/setup
   WINBINDD_SOCKET_DIR: /var/run/samba/winbindd
   WINBINDD_PRIVILEGED_SOCKET_DIR: /var/lib/samba/winbindd_privileged
   NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd

XP加域
win2003安装管理工具包

http://www.microsoft.com/zh-CN/download/details.aspx?id=6315

win7安装管理工具包

http://www.microsoft.com/zh-CN/download/details.aspx?id=7887
https://wiki.samba.org/index.php/Installing\_RSAT