Progress on dns_dlz. At least I got things loading. If I don't include the dlz info bind starts, but if I do I get: Sep 03 13:31:57 homebase.home.htt named[21920]: Loading 'AD DNS Zone' using driver dlopen Sep 03 13:31:58 homebase.home.htt named[21920]: samba_dlz: Failed to connect to /var/lib/samba/private/dns/sam.ldb permissions seem right: # ls -ls /var/lib/samba/private/dns/sam* 2944 -rw-rw---- 1 root named 3014656 Aug 27 18:07 /var/lib/samba/private/dns/sam.ldb /var/lib/samba/private/dns/sam.ldb.d: total 26312 8112 -rw-rw---- 1 root named 8306688 Aug 27 18:07 CN=CONFIGURATION,DC=HOME,DC=HTT.ldb 8236 -rw-rw---- 1 root named 8433664 Aug 27 18:07 CN=SCHEMA,CN=CONFIGURATION,DC=HOME,DC=HTT.ldb 4148 -rw-rw---- 2 root named 4247552 Aug 27 18:07 DC=DOMAINDNSZONES,DC=HOME,DC=HTT.ldb 4148 -rw-rw---- 2 root named 4247552 Aug 27 18:07 DC=FORESTDNSZONES,DC=HOME,DC=HTT.ldb 1256 -rw-rw---- 1 root named 1286144 Aug 27 18:07 DC=HOME,DC=HTT.ldb 412 -rw-rw---- 2 root named 421888 Aug 28 12:02 metadata.tdb The include is really simple: dlz "AD DNS Zone" { # For BIND 9.9.x database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so"; };
On 03/09/15 18:38, Robert Moskowitz wrote:> Progress on dns_dlz. At least I got things loading. If I don't > include the dlz info bind starts, but if I do I get: > > Sep 03 13:31:57 homebase.home.htt named[21920]: Loading 'AD DNS Zone' > using driver dlopen > Sep 03 13:31:58 homebase.home.htt named[21920]: samba_dlz: Failed to > connect to /var/lib/samba/private/dns/sam.ldb > > > permissions seem right: > > # ls -ls /var/lib/samba/private/dns/sam* > 2944 -rw-rw---- 1 root named 3014656 Aug 27 18:07 > /var/lib/samba/private/dns/sam.ldb > > /var/lib/samba/private/dns/sam.ldb.d: > total 26312 > 8112 -rw-rw---- 1 root named 8306688 Aug 27 18:07 > CN=CONFIGURATION,DC=HOME,DC=HTT.ldb > 8236 -rw-rw---- 1 root named 8433664 Aug 27 18:07 > CN=SCHEMA,CN=CONFIGURATION,DC=HOME,DC=HTT.ldb > 4148 -rw-rw---- 2 root named 4247552 Aug 27 18:07 > DC=DOMAINDNSZONES,DC=HOME,DC=HTT.ldb > 4148 -rw-rw---- 2 root named 4247552 Aug 27 18:07 > DC=FORESTDNSZONES,DC=HOME,DC=HTT.ldb > 1256 -rw-rw---- 1 root named 1286144 Aug 27 18:07 DC=HOME,DC=HTT.ldb > 412 -rw-rw---- 2 root named 421888 Aug 28 12:02 metadata.tdb > > The include is really simple: > > dlz "AD DNS Zone" { > > # For BIND 9.9.x > database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so"; > > }; > > >What are the permissions on /var/lib/samba/private/dns ? Rowland
On 09/03/2015 01:48 PM, Rowland Penny wrote:> On 03/09/15 18:38, Robert Moskowitz wrote: >> Progress on dns_dlz. At least I got things loading. If I don't >> include the dlz info bind starts, but if I do I get: >> >> Sep 03 13:31:57 homebase.home.htt named[21920]: Loading 'AD DNS Zone' >> using driver dlopen >> Sep 03 13:31:58 homebase.home.htt named[21920]: samba_dlz: Failed to >> connect to /var/lib/samba/private/dns/sam.ldb >> >> >> permissions seem right: >> >> # ls -ls /var/lib/samba/private/dns/sam* >> 2944 -rw-rw---- 1 root named 3014656 Aug 27 18:07 >> /var/lib/samba/private/dns/sam.ldb >> >> /var/lib/samba/private/dns/sam.ldb.d: >> total 26312 >> 8112 -rw-rw---- 1 root named 8306688 Aug 27 18:07 >> CN=CONFIGURATION,DC=HOME,DC=HTT.ldb >> 8236 -rw-rw---- 1 root named 8433664 Aug 27 18:07 >> CN=SCHEMA,CN=CONFIGURATION,DC=HOME,DC=HTT.ldb >> 4148 -rw-rw---- 2 root named 4247552 Aug 27 18:07 >> DC=DOMAINDNSZONES,DC=HOME,DC=HTT.ldb >> 4148 -rw-rw---- 2 root named 4247552 Aug 27 18:07 >> DC=FORESTDNSZONES,DC=HOME,DC=HTT.ldb >> 1256 -rw-rw---- 1 root named 1286144 Aug 27 18:07 DC=HOME,DC=HTT.ldb >> 412 -rw-rw---- 2 root named 421888 Aug 28 12:02 metadata.tdb >> >> The include is really simple: >> >> dlz "AD DNS Zone" { >> >> # For BIND 9.9.x >> database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so"; >> >> }; >> >> >> > > What are the permissions on /var/lib/samba/private/dns ?# ls -ls /var/lib/samba/private total 12484 4 drwxrwx--- 3 root named 4096 Aug 27 18:07 dns I fixed a recursion problem to get general forwarding working then reactiveated the include and this time the failure was a little more informative: Sep 03 13:56:30 homebase.home.htt named[22668]: Loading 'AD DNS Zone' using driver dlopen Sep 03 13:56:31 homebase.home.htt named[22668]: samba_dlz: Failed to connect to /var/lib/samba/private/dns/sam.ldb Sep 03 13:56:31 homebase.home.htt named[22668]: dlz_dlopen of 'AD DNS Zone' failed Sep 03 13:56:31 homebase.home.htt named[22668]: SDLZ driver failed to load. Sep 03 13:56:31 homebase.home.htt named[22668]: DLZ driver failed to load.
On Thu, 3 Sep 2015 13:38:55 -0400 Robert Moskowitz <rgm at htt-consult.com> wrote:> Progress on dns_dlz. At least I got things loading. If I don't > include the dlz info bind starts, but if I do I get: > > Sep 03 13:31:57 homebase.home.htt named[21920]: Loading 'AD DNS > Zone' using driver dlopen > Sep 03 13:31:58 homebase.home.htt named[21920]: samba_dlz: Failed > to connect to /var/lib/samba/private/dns/sam.ldb > > > permissions seem right:[snip] When I had that exact problem, I also had a apparmor message in the log. I added the appropriate apparmor config, restarted apparmor, and away it went. HTH. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <jimsun.LinxNet.com/contact/scform.php>.