In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
Update: It is failing in create_samdb_copy specifically here:
# Copy root, config, schema partitions (and any other if any)
# Since samdb is open in the current process, copy them in a child
process
try:
tdb_copy(os.path.join(private_dir, "sam.ldb"),
os.path.join(dns_dir, "sam.ldb"))
for nc in partfile:
pfile = partfile[nc]
tdb_copy(os.path.join(private_dir, pfile),
os.path.join(dns_dir, pfile))
Let me try and figure out what his is doing and I'll write some prints to
find out what the culprit is.
On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <jeff.sadowski at
gmail.com>
wrote:
> I found the file /usr/lib64/python2.7/site-packages/samba/provision/
> sambadns.py
> I was looking through it and seemed to come across the area where I am
> having problems.
>
> In the create_dns_dir function
>
> I wanted to see what paths.dns had and what dns_dir where getting set to.
>
> so I did a simple print and found
>
> paths.dir is set to /var/lib/samba/private/dns/
> fedora.methanemaker.mooo.com.zone
> and
> dns_dir is set to /var/lib/samba/private/dns
>
> next I check those directories
>
> [root at dc1 ~]# ls -l /var/lib/samba/private/dns/
> fedora.methanemaker.mooo.com.zone
> ls: cannot access
'/var/lib/samba/private/dns/fedora.methanemaker.mooo.com
> .zone': No such file or directory
> [root at dc1 ~]# mkdir -p /var/lib/samba/private/dns/
> fedora.methanemaker.mooo.com.zone
>
> it looks like samba-tool removes that directory
>
> I'll keep looking for the culprit in that function.
>
>
>
>
> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <jeff.sadowski at
gmail.com>
> wrote:
>
>>
>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
>> samba at lists.samba.org> wrote:
>>
>>> On Mon, 10 Jul 2017 06:43:37 -0600
>>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>>
>>> > Bind-9.11 is installed. How do you configure it? Does it need
anything
>>> > special in the config for samba to build the
...samba.../named.conf
>>> > file that I should be able to include in my /etc/named.conf
>>> > afterwards?
>>>
>>> With Fedora being a bit 'bleeding edge', I just wondered if
they had
>>> started using Bind10, but 9.11 should be okay, Samba knows all
about
>>> that version ;-)
>>>
>>> >
>>> > My guess is that some directory is missing. But if I start
fresh and
>>> > configure samba with the internal dns it gets all the way
through it's
>>> > configuration with no errors.
>>>
>>> Not sure, all I can tell you is what packages I install when
creating a
>>> DC on Devuan:
>>>
>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>>> bind9utils
>>>
>>> of course fedora would have all different package names.
>> I avoided installing bind-chroot and bind-sdb-chroot.x86_64 as the
bind
>> dlz info on samba
>> said not to chroot bind I'm not sure what bind99 libs are but I
installed
>> all other bind
>> packages listed with "dnf list bind*"
>>
>> [root at dc1 ~]# dnf list dns* |grep -v i686
>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50
>> AM MDT.
>> Installed Packages
>> dnsjava.noarch 2.1.3-12.fc26
>> @rawhide
>> Available Packages
>> dnscap.x86_64 141-11.fc26
>> rawhide
>> dnscrypt-proxy.x86_64 1.9.0-2.fc26
>> rawhide
>> dnscrypt-proxy-gui.x86_64 1.11.10-1.fc27
>> rawhide
>> dnsdist.x86_64 1.1.0-6.fc27
>> rawhide
>> dnsenum.noarch 1.2.4.2-7.fc27
>> rawhide
>> dnsjava-javadoc.noarch 2.1.3-12.fc26
>> rawhide
>> dnsmap.x86_64 0.30-11.fc26
>> rawhide
>> dnsmasq.x86_64 2.77-3.fc27
>> rawhide
>> dnsmasq-utils.x86_64 2.77-3.fc27
>> rawhide
>> dnsperf.x86_64 2.1.0.0-7.fc27
>> rawhide
>> dnssec-check.x86_64 2.1-7.fc26
>> rawhide
>> dnssec-nodes.x86_64 2.1-6.fc26
>> rawhide
>> dnssec-system-tray.x86_64 2.1-6.fc26
>> rawhide
>> dnssec-tools.x86_64 2.2-3.fc25
>> rawhide
>> dnssec-tools-libs.x86_64 2.2-3.fc25
>> rawhide
>> dnssec-tools-libs-devel.x86_64 2.2-3.fc25
>> rawhide
>> dnssec-tools-perlmods.x86_64 2.2-3.fc25
>> rawhide
>> dnssec-trigger.x86_64 0.13-3.fc27
>> rawhide
>> dnssec-trigger-panel.x86_64 0.13-3.fc27
>> rawhide
>> dnssec4j.noarch 0.1.6-3.fc26
>> rawhide
>> dnssec4j-javadoc.noarch 0.1.6-3.fc26
>> rawhide
>> dnstop.x86_64 20140915-4.fc26
>> rawhide
>> dnstracer.x86_64 1.9-16.fc27
>> rawhide
>> dnsyo.noarch 2.0.7-3.fc26
>> rawhide
>>
>> dnssec-tools look interesting but when I try to install those I get
>> errors.
>>
>> [root at dc1 ~]# dnf install dnssec-*
>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50
>> AM MDT.
>> Error:
>> Problem 1: conflicting requests
>> - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by
>> dnssec-tools-2.2-3.fc25.x86_64
>> Problem 2: conflicting requests
>> - nothing provides libperl.so.5.24()(64bit) needed by
>> dnssec-tools-perlmods-2.2-3.fc25.x86_64
>>
>> I'll have to go plead with the package maintainer. Although I'm
not sure
>> even if I install those if that is really what it is complaining about.
>> I wonder what tool the samba-tool uses. I'll have to go try and see
if I
>> can figure it out so I know what it is I really need.
>>
>> nothing interesting listing in lippam*
>> I installed a lot of pam* that looks like what I might need. I have
>> pam_krb5
>>
>>
>> >
>>> > I've tried without named running and with it running and
get the same
>>> > error. Mayke something missing in the python scripts building
the dns
>>> > file.
>>> >
>>>
>>> I just install Bind9, configure it, but do not start it. I then
>>> provision Samba. I then start Bind9 followed by Samba and it just
>>> works. Perhaps there is something wrong in your bind conf files ?
>>>
>>>
>> If i do a query against the local dns I get a return so it looks like
>> when running it works fine.
>>
>> my named.conf looks like so
>>
>> options {
>> listen-on port 53 { 127.0.0.1; };
>> listen-on-v6 port 53 { ::1; };
>> directory "/var/named";
>> dump-file "/var/named/data/cache_dump.db";
>> statistics-file "/var/named/data/named_stats.txt";
>> memstatistics-file
"/var/named/data/named_mem_stats.txt";
>> allow-query { localhost; };
>> recursion yes;
>> dnssec-enable yes;
>> dnssec-validation yes;
>> managed-keys-directory "/var/named/dynamic";
>> pid-file "/run/named/named.pid";
>> session-keyfile "/run/named/session.key";
>> include "/etc/crypto-policies/back-ends/bind.config";
>> };
>> logging {
>> channel default_debug {
>> file "data/named.run";
>> severity dynamic;
>> };
>> };
>> zone "." IN {
>> type hint;
>> file "named.ca";
>> };
>> include "/etc/named.rfc1912.zones";
>> include "/etc/named.root.key";
>>
>> /etc/crypto-policies/back-ends/bind.config looks like
>>
>> disable-algorithms "." {
>> RSAMD5;
>> };
>> disable-ds-digests "." {
>> GOST;
>> };
>>
>>
>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>
On Mon, Jul 10, 2017 at 9:45 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:> In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py > > Update: It is failing in create_samdb_copy specifically here: > > # Copy root, config, schema partitions (and any other if any) > # Since samdb is open in the current process, copy them in a child > process > try: > tdb_copy(os.path.join(private_dir, "sam.ldb"), > os.path.join(dns_dir, "sam.ldb")) > for nc in partfile: > pfile = partfile[nc] > tdb_copy(os.path.join(private_dir, pfile), > os.path.join(dns_dir, pfile)) > > Let me try and figure out what his is doing and I'll write some prints to > find out what the culprit is. >I printed out os.path.join(private_dir, "sam.ldb") and os.path.join(dns_dir, "sam.ldb") they both look fine. From: /var/lib/samba/private/sam.ldb To: /var/lib/samba/private/dns/sam.ldb I put a print statement under tdb_copy that is not reached so the problem is there. Now to go find tdb_copy and see what it is complaining about. I see the line from samba.tdb_util import tdb_copy So I'm off to find that function and to see what it is complaining about.> > > On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <jeff.sadowski at gmail.com> > wrote: > >> I found the file /usr/lib64/python2.7/site-packages/samba/provision/samb >> adns.py >> I was looking through it and seemed to come across the area where I am >> having problems. >> >> In the create_dns_dir function >> >> I wanted to see what paths.dns had and what dns_dir where getting set to. >> >> so I did a simple print and found >> >> paths.dir is set to /var/lib/samba/private/dns/ >> fedora.methanemaker.mooo.com.zone >> and >> dns_dir is set to /var/lib/samba/private/dns >> >> next I check those directories >> >> [root at dc1 ~]# ls -l /var/lib/samba/private/dns/fed >> ora.methanemaker.mooo.com.zone >> ls: cannot access '/var/lib/samba/private/dns/fe >> dora.methanemaker.mooo.com.zone': No such file or directory >> [root at dc1 ~]# mkdir -p /var/lib/samba/private/dns/fed >> ora.methanemaker.mooo.com.zone >> >> it looks like samba-tool removes that directory >> >> I'll keep looking for the culprit in that function. >> >> >> >> >> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <jeff.sadowski at gmail.com> >> wrote: >> >>> >>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba < >>> samba at lists.samba.org> wrote: >>> >>>> On Mon, 10 Jul 2017 06:43:37 -0600 >>>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >>>> >>>> > Bind-9.11 is installed. How do you configure it? Does it need anything >>>> > special in the config for samba to build the ...samba.../named.conf >>>> > file that I should be able to include in my /etc/named.conf >>>> > afterwards? >>>> >>>> With Fedora being a bit 'bleeding edge', I just wondered if they had >>>> started using Bind10, but 9.11 should be okay, Samba knows all about >>>> that version ;-) >>>> >>>> > >>>> > My guess is that some directory is missing. But if I start fresh and >>>> > configure samba with the internal dns it gets all the way through it's >>>> > configuration with no errors. >>>> >>>> Not sure, all I can tell you is what packages I install when creating a >>>> DC on Devuan: >>>> >>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5 >>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9 >>>> bind9utils >>>> >>>> of course fedora would have all different package names. >>> I avoided installing bind-chroot and bind-sdb-chroot.x86_64 as the bind >>> dlz info on samba >>> said not to chroot bind I'm not sure what bind99 libs are but I >>> installed all other bind >>> packages listed with "dnf list bind*" >>> >>> [root at dc1 ~]# dnf list dns* |grep -v i686 >>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 >>> AM MDT. >>> Installed Packages >>> dnsjava.noarch 2.1.3-12.fc26 >>> @rawhide >>> Available Packages >>> dnscap.x86_64 141-11.fc26 >>> rawhide >>> dnscrypt-proxy.x86_64 1.9.0-2.fc26 >>> rawhide >>> dnscrypt-proxy-gui.x86_64 1.11.10-1.fc27 >>> rawhide >>> dnsdist.x86_64 1.1.0-6.fc27 >>> rawhide >>> dnsenum.noarch 1.2.4.2-7.fc27 >>> rawhide >>> dnsjava-javadoc.noarch 2.1.3-12.fc26 >>> rawhide >>> dnsmap.x86_64 0.30-11.fc26 >>> rawhide >>> dnsmasq.x86_64 2.77-3.fc27 >>> rawhide >>> dnsmasq-utils.x86_64 2.77-3.fc27 >>> rawhide >>> dnsperf.x86_64 2.1.0.0-7.fc27 >>> rawhide >>> dnssec-check.x86_64 2.1-7.fc26 >>> rawhide >>> dnssec-nodes.x86_64 2.1-6.fc26 >>> rawhide >>> dnssec-system-tray.x86_64 2.1-6.fc26 >>> rawhide >>> dnssec-tools.x86_64 2.2-3.fc25 >>> rawhide >>> dnssec-tools-libs.x86_64 2.2-3.fc25 >>> rawhide >>> dnssec-tools-libs-devel.x86_64 2.2-3.fc25 >>> rawhide >>> dnssec-tools-perlmods.x86_64 2.2-3.fc25 >>> rawhide >>> dnssec-trigger.x86_64 0.13-3.fc27 >>> rawhide >>> dnssec-trigger-panel.x86_64 0.13-3.fc27 >>> rawhide >>> dnssec4j.noarch 0.1.6-3.fc26 >>> rawhide >>> dnssec4j-javadoc.noarch 0.1.6-3.fc26 >>> rawhide >>> dnstop.x86_64 20140915-4.fc26 >>> rawhide >>> dnstracer.x86_64 1.9-16.fc27 >>> rawhide >>> dnsyo.noarch 2.0.7-3.fc26 >>> rawhide >>> >>> dnssec-tools look interesting but when I try to install those I get >>> errors. >>> >>> [root at dc1 ~]# dnf install dnssec-* >>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 >>> AM MDT. >>> Error: >>> Problem 1: conflicting requests >>> - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by >>> dnssec-tools-2.2-3.fc25.x86_64 >>> Problem 2: conflicting requests >>> - nothing provides libperl.so.5.24()(64bit) needed by >>> dnssec-tools-perlmods-2.2-3.fc25.x86_64 >>> >>> I'll have to go plead with the package maintainer. Although I'm not sure >>> even if I install those if that is really what it is complaining about. >>> I wonder what tool the samba-tool uses. I'll have to go try and see if I >>> can figure it out so I know what it is I really need. >>> >>> nothing interesting listing in lippam* >>> I installed a lot of pam* that looks like what I might need. I have >>> pam_krb5 >>> >>> >>> > >>>> > I've tried without named running and with it running and get the same >>>> > error. Mayke something missing in the python scripts building the dns >>>> > file. >>>> > >>>> >>>> I just install Bind9, configure it, but do not start it. I then >>>> provision Samba. I then start Bind9 followed by Samba and it just >>>> works. Perhaps there is something wrong in your bind conf files ? >>>> >>>> >>> If i do a query against the local dns I get a return so it looks like >>> when running it works fine. >>> >>> my named.conf looks like so >>> >>> options { >>> listen-on port 53 { 127.0.0.1; }; >>> listen-on-v6 port 53 { ::1; }; >>> directory "/var/named"; >>> dump-file "/var/named/data/cache_dump.db"; >>> statistics-file "/var/named/data/named_stats.txt"; >>> memstatistics-file "/var/named/data/named_mem_stats.txt"; >>> allow-query { localhost; }; >>> recursion yes; >>> dnssec-enable yes; >>> dnssec-validation yes; >>> managed-keys-directory "/var/named/dynamic"; >>> pid-file "/run/named/named.pid"; >>> session-keyfile "/run/named/session.key"; >>> include "/etc/crypto-policies/back-ends/bind.config"; >>> }; >>> logging { >>> channel default_debug { >>> file "data/named.run"; >>> severity dynamic; >>> }; >>> }; >>> zone "." IN { >>> type hint; >>> file "named.ca"; >>> }; >>> include "/etc/named.rfc1912.zones"; >>> include "/etc/named.root.key"; >>> >>> /etc/crypto-policies/back-ends/bind.config looks like >>> >>> disable-algorithms "." { >>> RSAMD5; >>> }; >>> disable-ds-digests "." { >>> GOST; >>> }; >>> >>> >>> >>>> Rowland >>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>>> >>> >>> >> >
OK so I don't have a program tdbbackup. Where do I get it? On Mon, Jul 10, 2017 at 10:38 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:> > > On Mon, Jul 10, 2017 at 9:45 AM, Jeff Sadowski <jeff.sadowski at gmail.com> > wrote: > >> In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py >> >> Update: It is failing in create_samdb_copy specifically here: >> >> # Copy root, config, schema partitions (and any other if any) >> # Since samdb is open in the current process, copy them in a child >> process >> try: >> tdb_copy(os.path.join(private_dir, "sam.ldb"), >> os.path.join(dns_dir, "sam.ldb")) >> for nc in partfile: >> pfile = partfile[nc] >> tdb_copy(os.path.join(private_dir, pfile), >> os.path.join(dns_dir, pfile)) >> >> Let me try and figure out what his is doing and I'll write some prints to >> find out what the culprit is. >> > > I printed out os.path.join(private_dir, "sam.ldb") > and os.path.join(dns_dir, "sam.ldb") they both look fine. > > From: /var/lib/samba/private/sam.ldb > To: /var/lib/samba/private/dns/sam.ldb > > I put a print statement under tdb_copy that is not reached so the problem > is there. > Now to go find tdb_copy and see what it is complaining about. > > I see the line > > from samba.tdb_util import tdb_copy > > So I'm off to find that function and to see what it is complaining about. > > > >> >> >> On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <jeff.sadowski at gmail.com> >> wrote: >> >>> I found the file /usr/lib64/python2.7/site-packages/samba/provision/samb >>> adns.py >>> I was looking through it and seemed to come across the area where I am >>> having problems. >>> >>> In the create_dns_dir function >>> >>> I wanted to see what paths.dns had and what dns_dir where getting set to. >>> >>> so I did a simple print and found >>> >>> paths.dir is set to /var/lib/samba/private/dns/ >>> fedora.methanemaker.mooo.com.zone >>> and >>> dns_dir is set to /var/lib/samba/private/dns >>> >>> next I check those directories >>> >>> [root at dc1 ~]# ls -l /var/lib/samba/private/dns/fed >>> ora.methanemaker.mooo.com.zone >>> ls: cannot access '/var/lib/samba/private/dns/fe >>> dora.methanemaker.mooo.com.zone': No such file or directory >>> [root at dc1 ~]# mkdir -p /var/lib/samba/private/dns/fed >>> ora.methanemaker.mooo.com.zone >>> >>> it looks like samba-tool removes that directory >>> >>> I'll keep looking for the culprit in that function. >>> >>> >>> >>> >>> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <jeff.sadowski at gmail.com> >>> wrote: >>> >>>> >>>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba < >>>> samba at lists.samba.org> wrote: >>>> >>>>> On Mon, 10 Jul 2017 06:43:37 -0600 >>>>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >>>>> >>>>> > Bind-9.11 is installed. How do you configure it? Does it need >>>>> anything >>>>> > special in the config for samba to build the ...samba.../named.conf >>>>> > file that I should be able to include in my /etc/named.conf >>>>> > afterwards? >>>>> >>>>> With Fedora being a bit 'bleeding edge', I just wondered if they had >>>>> started using Bind10, but 9.11 should be okay, Samba knows all about >>>>> that version ;-) >>>>> >>>>> > >>>>> > My guess is that some directory is missing. But if I start fresh and >>>>> > configure samba with the internal dns it gets all the way through >>>>> it's >>>>> > configuration with no errors. >>>>> >>>>> Not sure, all I can tell you is what packages I install when creating a >>>>> DC on Devuan: >>>>> >>>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5 >>>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9 >>>>> bind9utils >>>>> >>>>> of course fedora would have all different package names. >>>> I avoided installing bind-chroot and bind-sdb-chroot.x86_64 as the >>>> bind dlz info on samba >>>> said not to chroot bind I'm not sure what bind99 libs are but I >>>> installed all other bind >>>> packages listed with "dnf list bind*" >>>> >>>> [root at dc1 ~]# dnf list dns* |grep -v i686 >>>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 >>>> AM MDT. >>>> Installed Packages >>>> dnsjava.noarch 2.1.3-12.fc26 >>>> @rawhide >>>> Available Packages >>>> dnscap.x86_64 141-11.fc26 >>>> rawhide >>>> dnscrypt-proxy.x86_64 1.9.0-2.fc26 >>>> rawhide >>>> dnscrypt-proxy-gui.x86_64 1.11.10-1.fc27 >>>> rawhide >>>> dnsdist.x86_64 1.1.0-6.fc27 >>>> rawhide >>>> dnsenum.noarch 1.2.4.2-7.fc27 >>>> rawhide >>>> dnsjava-javadoc.noarch 2.1.3-12.fc26 >>>> rawhide >>>> dnsmap.x86_64 0.30-11.fc26 >>>> rawhide >>>> dnsmasq.x86_64 2.77-3.fc27 >>>> rawhide >>>> dnsmasq-utils.x86_64 2.77-3.fc27 >>>> rawhide >>>> dnsperf.x86_64 2.1.0.0-7.fc27 >>>> rawhide >>>> dnssec-check.x86_64 2.1-7.fc26 >>>> rawhide >>>> dnssec-nodes.x86_64 2.1-6.fc26 >>>> rawhide >>>> dnssec-system-tray.x86_64 2.1-6.fc26 >>>> rawhide >>>> dnssec-tools.x86_64 2.2-3.fc25 >>>> rawhide >>>> dnssec-tools-libs.x86_64 2.2-3.fc25 >>>> rawhide >>>> dnssec-tools-libs-devel.x86_64 2.2-3.fc25 >>>> rawhide >>>> dnssec-tools-perlmods.x86_64 2.2-3.fc25 >>>> rawhide >>>> dnssec-trigger.x86_64 0.13-3.fc27 >>>> rawhide >>>> dnssec-trigger-panel.x86_64 0.13-3.fc27 >>>> rawhide >>>> dnssec4j.noarch 0.1.6-3.fc26 >>>> rawhide >>>> dnssec4j-javadoc.noarch 0.1.6-3.fc26 >>>> rawhide >>>> dnstop.x86_64 20140915-4.fc26 >>>> rawhide >>>> dnstracer.x86_64 1.9-16.fc27 >>>> rawhide >>>> dnsyo.noarch 2.0.7-3.fc26 >>>> rawhide >>>> >>>> dnssec-tools look interesting but when I try to install those I get >>>> errors. >>>> >>>> [root at dc1 ~]# dnf install dnssec-* >>>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 >>>> AM MDT. >>>> Error: >>>> Problem 1: conflicting requests >>>> - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by >>>> dnssec-tools-2.2-3.fc25.x86_64 >>>> Problem 2: conflicting requests >>>> - nothing provides libperl.so.5.24()(64bit) needed by >>>> dnssec-tools-perlmods-2.2-3.fc25.x86_64 >>>> >>>> I'll have to go plead with the package maintainer. Although I'm not >>>> sure even if I install those if that is really what it is complaining about. >>>> I wonder what tool the samba-tool uses. I'll have to go try and see if >>>> I can figure it out so I know what it is I really need. >>>> >>>> nothing interesting listing in lippam* >>>> I installed a lot of pam* that looks like what I might need. I have >>>> pam_krb5 >>>> >>>> >>>> > >>>>> > I've tried without named running and with it running and get the same >>>>> > error. Mayke something missing in the python scripts building the dns >>>>> > file. >>>>> > >>>>> >>>>> I just install Bind9, configure it, but do not start it. I then >>>>> provision Samba. I then start Bind9 followed by Samba and it just >>>>> works. Perhaps there is something wrong in your bind conf files ? >>>>> >>>>> >>>> If i do a query against the local dns I get a return so it looks like >>>> when running it works fine. >>>> >>>> my named.conf looks like so >>>> >>>> options { >>>> listen-on port 53 { 127.0.0.1; }; >>>> listen-on-v6 port 53 { ::1; }; >>>> directory "/var/named"; >>>> dump-file "/var/named/data/cache_dump.db"; >>>> statistics-file "/var/named/data/named_stats.txt"; >>>> memstatistics-file "/var/named/data/named_mem_stats.txt"; >>>> allow-query { localhost; }; >>>> recursion yes; >>>> dnssec-enable yes; >>>> dnssec-validation yes; >>>> managed-keys-directory "/var/named/dynamic"; >>>> pid-file "/run/named/named.pid"; >>>> session-keyfile "/run/named/session.key"; >>>> include "/etc/crypto-policies/back-ends/bind.config"; >>>> }; >>>> logging { >>>> channel default_debug { >>>> file "data/named.run"; >>>> severity dynamic; >>>> }; >>>> }; >>>> zone "." IN { >>>> type hint; >>>> file "named.ca"; >>>> }; >>>> include "/etc/named.rfc1912.zones"; >>>> include "/etc/named.root.key"; >>>> >>>> /etc/crypto-policies/back-ends/bind.config looks like >>>> >>>> disable-algorithms "." { >>>> RSAMD5; >>>> }; >>>> disable-ds-digests "." { >>>> GOST; >>>> }; >>>> >>>> >>>> >>>>> Rowland >>>>> >>>>> -- >>>>> To unsubscribe from this list go to the following URL and read the >>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>> >>>> >>>> >>> >> >