Bind-9.11 is installed. How do you configure it? Does it need anything special in the config for samba to build the ...samba.../named.conf file that I should be able to include in my /etc/named.conf afterwards?

My guess is that some directory is missing. But if I start fresh and configure samba with the internal dns it gets all the way through its configuration with no errors.

I've tried without named running and with it running and get the same error. Maybe something missing in the python scripts building the dns file.

On Jul 10, 2017 12:48 AM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:

> On Sun, 9 Jul 2017 18:17:01 -0600
> Jeff Sadowski via samba <samba at lists.samba.org> wrote:
>
> > I am trying to setup samba as a dc using bind dlz
> >
> > I'm not sure how much I need to setup on bind before I can use it. I
> > did the following check.
> >
> > [root at dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
> > -e dlopen
> > '--with-dlopen=yes'
> > '--with-gssapi=yes'
> >
> > I am using the default config for samba that came with Fedora Rawhide.
> > I wanted to try out the newly built samba-4.7rc1 that was recently
> > built with ad support for it.
> >
> > I'm willing to try out a few things. I'll do the internal dns if I
> > can't get bind working but I wanted to try bind with dlz like I have
> > working in ubuntu.
> >
> > Here is what happens
> >
> > [root at dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
> > -e dlopen
> > '--with-dlopen=yes'
> > '--with-gssapi=yes'
> > [root at dc1 ~]# samba-tool domain provision --use-rfc2307 --interactive
> > Realm: fedora.methanemaker.mooo.com
> > Domain [fedora]:
> > Server Role (dc, member, standalone) [dc]:
> > DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> > [SAMBA_INTERNAL]: BIND9_DLZ
> > Administrator password:
> > ...
> > everything looks good till
> > ...
> > Failed to setup database for BIND, AD based DNS cannot be used
> > ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No
> > such file or directory
> > File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> > line 176, in _run
> > return self.run(*args, **kwargs)
> > File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> > line 474, in run
> > nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
> > File
> > "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
> > line 2175, in provision skip_sysvolacl=skip_sysvolacl)
> > File
> > "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
> > line 1836, in provision_fill targetdir=targetdir,
> > fill_level=samdb_fill) File
> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> > line 1162, in setup_ad_dns hostip6=hostip6, targetdir=targetdir)
> > File
> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> > line 1222, in setup_bind9_dns create_samdb_copy(samdb, logger, paths,
> > names, names.domainsid, domainguid)
> > File
> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> > line 851, in create_samdb_copy os.path.join(dns_dir, "sam.ldb"))
> > File "/usr/lib64/python2.7/site-packages/samba/tdb_util.py", line
> > 36, in tdb_copy
> > status = subprocess.call(tdbbackup_cmd, close_fds=True,
> > shell=False) File "/usr/lib64/python2.7/subprocess.py", line 168, in
> > call return Popen(*popenargs, **kwargs).wait()
> > File "/usr/lib64/python2.7/subprocess.py", line 390, in __init__
> > errread, errwrite)
> > File "/usr/lib64/python2.7/subprocess.py", line 1024, in
> > _execute_child raise child_exception
>
> I normally just install Bind 9, then configure it, but do not start it
> before provisioning Samba.
>
> What version of Bind is installed ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Maybe some python plugins I need?

On Jul 10, 2017 6:43 AM, "Jeff Sadowski" <jeff.sadowski at gmail.com> wrote:

> Bind-9.11 is installed. How do you configure it? Does it need anything
> special in the config for samba to build the ...samba.../named.conf file
> that I should be able to include in my /etc/named.conf afterwards?
>
> My guess is that some directory is missing. But if I start fresh and
> configure samba with the internal dns it gets all the way through its
> configuration with no errors.
>
> I've tried without named running and with it running and get the same
> error. Maybe something missing in the python scripts building the dns file.
>
> On Jul 10, 2017 12:48 AM, "Rowland Penny via samba" <samba at lists.samba.org>
> wrote:
>
>> On Sun, 9 Jul 2017 18:17:01 -0600
>> Jeff Sadowski via samba <samba at lists.samba.org> wrote:
>>
>> > I am trying to setup samba as a dc using bind dlz
>> >
>> > I'm not sure how much I need to setup on bind before I can use it. I
>> > did the following check.
>> >
>> > [root at dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
>> > -e dlopen
>> > '--with-dlopen=yes'
>> > '--with-gssapi=yes'
>> >
>> > I am using the default config for samba that came with Fedora Rawhide.
>> > I wanted to try out the newly built samba-4.7rc1 that was recently
>> > built with ad support for it.
>> >
>> > I'm willing to try out a few things. I'll do the internal dns if I
>> > can't get bind working but I wanted to try bind with dlz like I have
>> > working in ubuntu.
>> >
>> > Here is what happens
>> >
>> > [root at dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
>> > -e dlopen
>> > '--with-dlopen=yes'
>> > '--with-gssapi=yes'
>> > [root at dc1 ~]# samba-tool domain provision --use-rfc2307 --interactive
>> > Realm: fedora.methanemaker.mooo.com
>> > Domain [fedora]:
>> > Server Role (dc, member, standalone) [dc]:
>> > DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
>> > [SAMBA_INTERNAL]: BIND9_DLZ
>> > Administrator password:
>> > ...
>> > everything looks good till
>> > ...
>> > Failed to setup database for BIND, AD based DNS cannot be used
>> > ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No
>> > such file or directory
>> > File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
>> > line 176, in _run
>> > return self.run(*args, **kwargs)
>> > File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py",
>> > line 474, in run
>> > nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
>> > File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
>> > line 2175, in provision skip_sysvolacl=skip_sysvolacl)
>> > File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
>> > line 1836, in provision_fill targetdir=targetdir,
>> > fill_level=samdb_fill) File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
>> > line 1162, in setup_ad_dns hostip6=hostip6, targetdir=targetdir)
>> > File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
>> > line 1222, in setup_bind9_dns create_samdb_copy(samdb, logger, paths,
>> > names, names.domainsid, domainguid)
>> > File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
>> > line 851, in create_samdb_copy os.path.join(dns_dir, "sam.ldb"))
>> > File "/usr/lib64/python2.7/site-packages/samba/tdb_util.py", line
>> > 36, in tdb_copy
>> > status = subprocess.call(tdbbackup_cmd, close_fds=True,
>> > shell=False) File "/usr/lib64/python2.7/subprocess.py", line 168, in
>> > call return Popen(*popenargs, **kwargs).wait()
>> > File "/usr/lib64/python2.7/subprocess.py", line 390, in __init__
>> > errread, errwrite)
>> > File "/usr/lib64/python2.7/subprocess.py", line 1024, in
>> > _execute_child raise child_exception
>>
>> I normally just install Bind 9, then configure it, but do not start it
>> before provisioning Samba.
>>
>> What version of Bind is installed ?
>>
>> Rowland

On Mon, 10 Jul 2017 06:43:37 -0600
Jeff Sadowski <jeff.sadowski at gmail.com> wrote:

> Bind-9.11 is installed. How do you configure it? Does it need anything
> special in the config for samba to build the ...samba.../named.conf
> file that I should be able to include in my /etc/named.conf
> afterwards?

With Fedora being a bit 'bleeding edge', I just wondered if they had started using Bind10, but 9.11 should be okay, Samba knows all about that version ;-)

>
> My guess is that some directory is missing. But if I start fresh and
> configure samba with the internal dns it gets all the way through its
> configuration with no errors.

Not sure, all I can tell you is what packages I install when creating a DC on Devuan:

samba acl attr quota fam winbind libpam-winbind libpam-krb5 libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9 bind9utils

>
> I've tried without named running and with it running and get the same
> error. Maybe something missing in the python scripts building the dns
> file.
>

I just install Bind9, configure it, but do not start it. I then provision Samba. I then start Bind9 followed by Samba and it just works. Perhaps there is something wrong in your bind conf files ?

Rowland

On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 10 Jul 2017 06:43:37 -0600
> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
> > Bind-9.11 is installed. How do you configure it? Does it need anything
> > special in the config for samba to build the ...samba.../named.conf
> > file that I should be able to include in my /etc/named.conf
> > afterwards?
>
> With Fedora being a bit 'bleeding edge', I just wondered if they had
> started using Bind10, but 9.11 should be okay, Samba knows all about
> that version ;-)
>
> >
> > My guess is that some directory is missing. But if I start fresh and
> > configure samba with the internal dns it gets all the way through its
> > configuration with no errors.
>
> Not sure, all I can tell you is what packages I install when creating a
> DC on Devuan:
>
> samba acl attr quota fam winbind libpam-winbind libpam-krb5
> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
> bind9utils
>
> of course fedora would have all different package names.

I avoided installing bind-chroot and bind-sdb-chroot.x86_64 as the bind dlz info on samba said not to chroot bind

I'm not sure what bind99 libs are but I installed all other bind packages listed with "dnf list bind*"

    [root at dc1 ~]# dnf list dns* |grep -v i686
    Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 AM MDT.
    Installed Packages
    dnsjava.noarch                    2.1.3-12.fc26      @rawhide
    Available Packages
    dnscap.x86_64                     141-11.fc26        rawhide
    dnscrypt-proxy.x86_64             1.9.0-2.fc26       rawhide
    dnscrypt-proxy-gui.x86_64         1.11.10-1.fc27     rawhide
    dnsdist.x86_64                    1.1.0-6.fc27       rawhide
    dnsenum.noarch                    1.2.4.2-7.fc27     rawhide
    dnsjava-javadoc.noarch            2.1.3-12.fc26      rawhide
    dnsmap.x86_64                     0.30-11.fc26       rawhide
    dnsmasq.x86_64                    2.77-3.fc27        rawhide
    dnsmasq-utils.x86_64              2.77-3.fc27        rawhide
    dnsperf.x86_64                    2.1.0.0-7.fc27     rawhide
    dnssec-check.x86_64               2.1-7.fc26         rawhide
    dnssec-nodes.x86_64               2.1-6.fc26         rawhide
    dnssec-system-tray.x86_64         2.1-6.fc26         rawhide
    dnssec-tools.x86_64               2.2-3.fc25         rawhide
    dnssec-tools-libs.x86_64          2.2-3.fc25         rawhide
    dnssec-tools-libs-devel.x86_64    2.2-3.fc25         rawhide
    dnssec-tools-perlmods.x86_64      2.2-3.fc25         rawhide
    dnssec-trigger.x86_64             0.13-3.fc27        rawhide
    dnssec-trigger-panel.x86_64       0.13-3.fc27        rawhide
    dnssec4j.noarch                   0.1.6-3.fc26       rawhide
    dnssec4j-javadoc.noarch           0.1.6-3.fc26       rawhide
    dnstop.x86_64                     20140915-4.fc26    rawhide
    dnstracer.x86_64                  1.9-16.fc27        rawhide
    dnsyo.noarch                      2.0.7-3.fc26       rawhide

dnssec-tools look interesting but when I try to install those I get errors.

    [root at dc1 ~]# dnf install dnssec-*
    Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 AM MDT.
    Error:
     Problem 1: conflicting requests
      - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by dnssec-tools-2.2-3.fc25.x86_64
     Problem 2: conflicting requests
      - nothing provides libperl.so.5.24()(64bit) needed by dnssec-tools-perlmods-2.2-3.fc25.x86_64

I'll have to go plead with the package maintainer. Although I'm not sure even if I install those if that is really what it is complaining about. I wonder what tool the samba-tool uses. I'll have to go try and see if I can figure it out so I know what it is I really need.

nothing interesting listing in lippam*
I installed a lot of pam* that looks like what I might need.
I have pam_krb5

>
> > I've tried without named running and with it running and get the same
> > error. Maybe something missing in the python scripts building the dns
> > file.
> >
>
> I just install Bind9, configure it, but do not start it. I then
> provision Samba. I then start Bind9 followed by Samba and it just
> works. Perhaps there is something wrong in your bind conf files ?
>
>

If I do a query against the local dns I get a return so it looks like when running it works fine.

my named.conf looks like so

    options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        include "/etc/crypto-policies/back-ends/bind.config";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

/etc/crypto-policies/back-ends/bind.config looks like

    disable-algorithms "." {
        RSAMD5;
    };
    disable-ds-digests "." {
        GOST;
    };

> Rowland
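
Added example, not part of the thread or of Samba's code: the traceback quoted above ends in subprocess's `_execute_child`, the step where Python reports that the external program could not be started. This sketch pulls the launching frame out of a pasted traceback, reproduces the ENOENT from starting a missing program, and checks PATH for required helpers. The tool name `tdbbackup` is inferred from the `tdbbackup_cmd` variable in the traceback and is an assumption; the `/nonexistent` path is constructed.

```python
import errno
import re
import shutil
import subprocess

# Last frames of the traceback quoted in the thread, with the mail client's
# line wrapping undone.
SAMPLE_TRACEBACK = """\
ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No such file or directory
  File "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py", line 851, in create_samdb_copy
    os.path.join(dns_dir, "sam.ldb"))
  File "/usr/lib64/python2.7/site-packages/samba/tdb_util.py", line 36, in tdb_copy
    status = subprocess.call(tdbbackup_cmd, close_fds=True, shell=False)
  File "/usr/lib64/python2.7/subprocess.py", line 1024, in _execute_child
    raise child_exception
"""

FRAME = re.compile(r'File "([^"]+)", line (\d+), in (\w+)')

def frames(tb_text):
    """Return (path, line, function) for every frame, outermost first."""
    return [(path, int(line), func) for path, line, func in FRAME.findall(tb_text)]

def exec_failure_caller(tb_text):
    """If the innermost frame is subprocess's exec step, return the last
    frame outside subprocess.py (the code that launched the program)."""
    found = frames(tb_text)
    if not found or found[-1][2] != "_execute_child":
        return None
    outside = [f for f in found if not f[0].endswith("/subprocess.py")]
    return outside[-1] if outside else None

def exec_error(argv):
    """Run argv the way the traceback's call does; return the errno name if
    the program could not be started, or None if it ran."""
    try:
        subprocess.call(argv, close_fds=True, shell=False,
                        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except OSError as exc:
        return errno.errorcode[exc.errno]
    return None

def missing_tools(names):
    """Return the names that cannot be found on PATH."""
    return [name for name in names if shutil.which(name) is None]

if __name__ == "__main__":
    print(exec_failure_caller(SAMPLE_TRACEBACK))
    print(exec_error(["/nonexistent/constructed-tool"]))  # constructed path
    print(missing_tools(["named", "tdbbackup"]))          # tdbbackup: assumed name
```

Running `missing_tools` on the DC before `samba-tool domain provision` shows whether a helper binary is absent before the provision gets as far as the DNS setup step.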