No, you need to use the correct path. Sadly Samba just created an empty sam.ldb where you pointed, rather than saying 'no such file or directory'.

Andrew Bartlett

On Fri, 2020-12-11 at 03:11 -0700, Dan Egli wrote:
> So, since it looks from the bug that the problem is the ldb is empty,
> how can I generate one that would work?
>
> On 12/11/2020 3:07 AM, Andrew Bartlett wrote:
> > On Fri, 2020-12-11 at 03:00 -0700, Dan Egli via samba wrote:
> > > So you're saying it really doesn't matter which I use? Okay, I'll just
> > > use the one in private vs. the one in bind-dns. Now if I can only figure
> > > out why it's complaining about the sam.ldb file:
> > After running samba_upgradedns then use the one in bind-dns. It should
> > have the most recent password.
> >
> > > Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search
> > We moved to /var/lib/samba/bind-dns/sam.ldb (but forgot to update the
> > keytab code, hence the rest of this).
> >
> > The error below is because I've not yet backported:
> > https://bugzilla.samba.org/show_bug.cgi?id=14579
> >
> > > That's causing named to terminate with an error:
> > >
> > > Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
> > > Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
> > > Dec 11 09:07:10 pluto named[733]: SDLZ driver failed to load.
> > > Dec 11 09:07:10 pluto named[733]: DLZ driver failed to load.
> > > Dec 11 09:07:10 pluto named[733]: loading configuration: failure
> > > Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
> > > Dec 11 09:07:11 pluto systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
> > > Dec 11 09:07:11 pluto systemd[1]: named.service: Failed with result 'exit-code'.
> > >
> > > Any tips?
> > >
> > > On 12/11/2020 2:37 AM, Rowland penny via samba wrote:
> > > > On 11/12/2020 09:26, Dan Egli wrote:
> > > > > I ran the samba_dnsupgrade and it created TWO dns.keytab files. You
> > > > > said it won't create one in /var/lib/samba/bind-dns directory, but it
> > > > > did. At least, SOMETHING put a file there. Still, if you say it
> > > > > shouldn't be there, then perhaps I should rm it and point my bind
> > > > > config to the other.
> > > > >
> > > > No, I didn't say that, I said that you do not get the keytab in the
> > > > bind-dns dir when you join a DC, but you do when you provision a new
> > > > DC or run samba_dnsupdate. What the code actually does is to create
> > > > the keytab in the private dir and then copy it to the bind-dns dir, so
> > > > yes, you do end up with two keytabs.
> > > >
> > > > There is a bug report about this:
> > > > https://bugzilla.samba.org/show_bug.cgi?id=14535
> > > >
> > > > And here is my fix:
> > > > https://gitlab.com/samba-team/samba/-/merge_requests/1642
> > > >
> > > > Which unfortunately was rejected even though it works.
> > > >
> > > > Rowland
> > > >
> > > --
> > > Dan Egli
> > > From my Test Server

--
Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Team Lead, Catalyst IT    https://catalyst.net.nz/services/samba
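
The log triage described in the message above, as an added example that is not part of the original thread or of Samba: it reads the named log lines quoted in the thread and reports which sam.ldb path the samba_dlz module tried to open and whether named exited. The function name `triage` and the report fields are assumptions made for this illustration; the two directory prefixes are the ones named in the thread.

```python
import re

# Log lines as quoted in the thread above (journal output from host "pluto").
SAMPLE = """\
Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search
Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
"""

# Directories named in the thread; which one a given Samba build expects is
# taken from the discussion and not verified here.
PRIVATE_DIR = "/var/lib/samba/private/"
BIND_DNS_DIR = "/var/lib/samba/bind-dns/"

BASEDN_RE = re.compile(r"samba_dlz: Unable to get basedn for (\S+) - (.+)$")
CREATE_RE = re.compile(r"samba_dlz: FAILED dlz_create call result=(\d+)")


def triage(log_text):
    """Summarise a samba_dlz start-up failure from named's log output."""
    report = {"ldb_path": None, "location": None, "reason": None,
              "dlz_result": None, "named_exited": False}
    for line in log_text.splitlines():
        m = BASEDN_RE.search(line)
        if m:
            path = m.group(1)
            report["ldb_path"] = path
            report["reason"] = m.group(2)
            if path.startswith(PRIVATE_DIR):
                report["location"] = "private (pre-move)"
            elif path.startswith(BIND_DNS_DIR):
                report["location"] = "bind-dns"
            else:
                report["location"] = "other"
            continue
        m = CREATE_RE.search(line)
        if m:
            report["dlz_result"] = int(m.group(1))
        elif "named[" in line and "exiting (due to fatal error)" in line:
            report["named_exited"] = True
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A "NULL Base DN" reason against a path that exists on disk matches the situation described in the message: the file was created empty at the path that was opened, so the search for a base DN finds nothing.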
Okay, I see what you mean. I misunderstood before, sorry. So fix the path to use /var/lib/samba/bind-dns/sam.ldb? Mind saying how, as I looked in all three config files (named.conf, named.conf.dlz and named.conf.update) and don't see an entry for it anywhere.

On 12/11/2020 3:14 AM, Andrew Bartlett wrote:
> No, you need to use the correct path. Sadly Samba just created an
> empty sam.ldb where you pointed, rather than saying 'no such file or
> directory'.
>
> Andrew Bartlett
>
> On Fri, 2020-12-11 at 03:11 -0700, Dan Egli wrote:
>> So, since it looks from the bug that the problem is the ldb is empty,
>> how can I generate one that would work?
>>
>> On 12/11/2020 3:07 AM, Andrew Bartlett wrote:
>>> On Fri, 2020-12-11 at 03:00 -0700, Dan Egli via samba wrote:
>>>> So you're saying it really doesn't matter which I use? Okay, I'll just
>>>> use the one in private vs. the one in bind-dns. Now if I can only figure
>>>> out why it's complaining about the sam.ldb file:
>>> After running samba_upgradedns then use the one in bind-dns. It should
>>> have the most recent password.
>>>
>>>> Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search
>>> We moved to /var/lib/samba/bind-dns/sam.ldb (but forgot to update the
>>> keytab code, hence the rest of this).
>>>
>>> The error below is because I've not yet backported:
>>> https://bugzilla.samba.org/show_bug.cgi?id=14579
>>>
>>>> That's causing named to terminate with an error:
>>>>
>>>> Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
>>>> Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
>>>> Dec 11 09:07:10 pluto named[733]: SDLZ driver failed to load.
>>>> Dec 11 09:07:10 pluto named[733]: DLZ driver failed to load.
>>>> Dec 11 09:07:10 pluto named[733]: loading configuration: failure
>>>> Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
>>>> Dec 11 09:07:11 pluto systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
>>>> Dec 11 09:07:11 pluto systemd[1]: named.service: Failed with result 'exit-code'.
>>>>
>>>> Any tips?
>>>>
>>>> On 12/11/2020 2:37 AM, Rowland penny via samba wrote:
>>>>> On 11/12/2020 09:26, Dan Egli wrote:
>>>>>> I ran the samba_dnsupgrade and it created TWO dns.keytab files. You
>>>>>> said it won't create one in /var/lib/samba/bind-dns directory, but it
>>>>>> did. At least, SOMETHING put a file there. Still, if you say it
>>>>>> shouldn't be there, then perhaps I should rm it and point my bind
>>>>>> config to the other.
>>>>>>
>>>>> No, I didn't say that, I said that you do not get the keytab in the
>>>>> bind-dns dir when you join a DC, but you do when you provision a new
>>>>> DC or run samba_dnsupdate. What the code actually does is to create
>>>>> the keytab in the private dir and then copy it to the bind-dns dir, so
>>>>> yes, you do end up with two keytabs.
>>>>>
>>>>> There is a bug report about this:
>>>>> https://bugzilla.samba.org/show_bug.cgi?id=14535
>>>>>
>>>>> And here is my fix:
>>>>> https://gitlab.com/samba-team/samba/-/merge_requests/1642
>>>>>
>>>>> Which unfortunately was rejected even though it works.
>>>>>
>>>>> Rowland
>>>>>
>>>> --
>>>> Dan Egli
>>>> From my Test Server

--
Dan Egli
From my Test Server
Since _I_ didn't point it anywhere, I can only wonder if it would be acceptable to copy the correctly created one to where samba is looking, since I don't know how to tell it to look in a separate location. I've checked the named.conf* files, and there's no line pointing to it at all, so it must be something internal to the code. If it's okay to simply copy the correct sam.ldb to where it's looking, then let me know, please? Or, if there's a better option I can use please tell me what it is.

Thanks!

On 12/11/2020 3:14 AM, Andrew Bartlett via samba wrote:
> No, you need to use the correct path. Sadly Samba just created an
> empty sam.ldb where you pointed, rather than saying 'no such file or
> directory'.
>
> Andrew Bartlett
>
> On Fri, 2020-12-11 at 03:11 -0700, Dan Egli wrote:
>> So, since it looks from the bug that the problem is the ldb is empty,
>> how can I generate one that would work?
>>
>> On 12/11/2020 3:07 AM, Andrew Bartlett wrote:
>>> On Fri, 2020-12-11 at 03:00 -0700, Dan Egli via samba wrote:
>>>> So you're saying it really doesn't matter which I use? Okay, I'll just
>>>> use the one in private vs. the one in bind-dns. Now if I can only figure
>>>> out why it's complaining about the sam.ldb file:
>>> After running samba_upgradedns then use the one in bind-dns. It should
>>> have the most recent password.
>>>
>>>> Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search
>>> We moved to /var/lib/samba/bind-dns/sam.ldb (but forgot to update the
>>> keytab code, hence the rest of this).
>>>
>>> The error below is because I've not yet backported:
>>> https://bugzilla.samba.org/show_bug.cgi?id=14579
>>>
>>>> That's causing named to terminate with an error:
>>>>
>>>> Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
>>>> Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
>>>> Dec 11 09:07:10 pluto named[733]: SDLZ driver failed to load.
>>>> Dec 11 09:07:10 pluto named[733]: DLZ driver failed to load.
>>>> Dec 11 09:07:10 pluto named[733]: loading configuration: failure
>>>> Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
>>>> Dec 11 09:07:11 pluto systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
>>>> Dec 11 09:07:11 pluto systemd[1]: named.service: Failed with result 'exit-code'.
>>>>
>>>> Any tips?
>>>>
>>>> On 12/11/2020 2:37 AM, Rowland penny via samba wrote:
>>>>> On 11/12/2020 09:26, Dan Egli wrote:
>>>>>> I ran the samba_dnsupgrade and it created TWO dns.keytab files. You
>>>>>> said it won't create one in /var/lib/samba/bind-dns directory, but it
>>>>>> did. At least, SOMETHING put a file there. Still, if you say it
>>>>>> shouldn't be there, then perhaps I should rm it and point my bind
>>>>>> config to the other.
>>>>>>
>>>>> No, I didn't say that, I said that you do not get the keytab in the
>>>>> bind-dns dir when you join a DC, but you do when you provision a new
>>>>> DC or run samba_dnsupdate. What the code actually does is to create
>>>>> the keytab in the private dir and then copy it to the bind-dns dir, so
>>>>> yes, you do end up with two keytabs.
>>>>>
>>>>> There is a bug report about this:
>>>>> https://bugzilla.samba.org/show_bug.cgi?id=14535
>>>>>
>>>>> And here is my fix:
>>>>> https://gitlab.com/samba-team/samba/-/merge_requests/1642
>>>>>
>>>>> Which unfortunately was rejected even though it works.
>>>>>
>>>>> Rowland
>>>>>
>>>> --
>>>> Dan Egli
>>>> From my Test Server

--
Dan Egli
From my Test Server