samba - Sep 2013 - samba4+bind9.9 will not start: samba_dlz: dns_rdata_fromtext: buffer-0x7f1c0cbcd680:1: near 'hostmaster.domain.de': not a valid number

Hello,

running on Debian jessie 64bit samba 4.0.8 and bind 9.9 but with the
description from https://wiki.samba.org/index.php/Dns-backend_bind I run
into the following problem:

# named -u bind -g 2>&1 |tee named.log
12-Sep-2013 15:43:07.287 starting BIND
9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4 -u bind -g
12-Sep-2013 15:43:07.287 built with '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool'
'--enable-shared' '--enable-static'
'--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no'
'--enable-ipv6' '--enable-filter-aaaa'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
12-Sep-2013 15:43:07.287 ----------------------------------------------------
12-Sep-2013 15:43:07.287 BIND 9 is maintained by Internet Systems Consortium,
12-Sep-2013 15:43:07.287 Inc. (ISC), a non-profit 501(c)(3) public-benefit 
12-Sep-2013 15:43:07.288 corporation.  Support and training for BIND 9 are 
12-Sep-2013 15:43:07.288 available at https://www.isc.org/support
12-Sep-2013 15:43:07.288 ----------------------------------------------------
12-Sep-2013 15:43:07.288 adjusted limit on open files from 4096 to 1048576
12-Sep-2013 15:43:07.288 found 2 CPUs, using 2 worker threads
12-Sep-2013 15:43:07.288 using 2 UDP listeners per interface
12-Sep-2013 15:43:07.289 using up to 4096 sockets
12-Sep-2013 15:43:07.292 loading configuration from
'/etc/bind/named.conf'
12-Sep-2013 15:43:07.292 reading built-in trusted keys from file
'/etc/bind/bind.keys'
12-Sep-2013 15:43:07.292 using default UDP/IPv4 port range: [1024, 65535]
12-Sep-2013 15:43:07.292 using default UDP/IPv6 port range: [1024, 65535]
12-Sep-2013 15:43:07.293 listening on IPv6 interfaces, port 53
12-Sep-2013 15:43:07.295 listening on IPv4 interface lo, 127.0.0.1#53
12-Sep-2013 15:43:07.295 listening on IPv4 interface eth0, 10.1.1.138#53
12-Sep-2013 15:43:07.296 generating session key for dynamic DNS
12-Sep-2013 15:43:07.296 sizing zone task pool based on 25 zones
12-Sep-2013 15:43:07.297 Loading 'AD DNS Zone' using driver dlopen
12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'gssapi_spnego'
registered
12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'gssapi_krb5'
registered
12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'gssapi_krb5_sasl'
registered
12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'schannel' registered
12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'spnego' registered
12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'ntlmssp' registered
12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'krb5' registered
12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'fake_gssapi_krb5'
registered
12-Sep-2013 15:43:07.495 samba_dlz: started for DN DC=domain,DC=de
12-Sep-2013 15:43:07.495 samba_dlz: starting configure
12-Sep-2013 15:43:07.496 dns_rdata_fromtext: buffer-0x7f1c0cbcd680:1: near
'hostmaster.domain.de': not a valid number
12-Sep-2013 15:43:07.496 Failed to put rr
12-Sep-2013 15:43:07.496 zone domain.de/NONE: has 0 SOA records
12-Sep-2013 15:43:07.496 samba_dlz: Failed to configure zone 'domain.de'
12-Sep-2013 15:43:07.497 samba_dlz: shutting down
12-Sep-2013 15:43:07.497 loading configuration: bad zone
12-Sep-2013 15:43:07.497 exiting (due to fatal error)

The smb.conf is:
[global]
   workgroup = domain
   realm = DOMAIN.DE
   netbios name = sso-test System
   server services = -dns
   wins support = yes
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog only = no
   syslog = 10
   panic action = /usr/share/samba/panic-action %d
   server role = domain controller
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   pam password change = yes
   map to guest = bad user

[sysvol]
  path = /var/lib/samba/sysvol
  read only = no

[netlogon]
  path = /var/lib/samba/sysvol/domain.de/scripts
  read only = no

Enabling the internal samba DNS and it works. Kerberos things like kinit
and klist works.

Commenting the database "dlopen ... in private/named.conf out let the
bind server start but of course without the samba Zone.

Any idea what could be wrong or how can I debug the wrong zone?

Thank you.

Regards
	Noel

-- 
No?l K?the <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.samba.org/pipermail/samba/attachments/20130912/884f0a8c/attachment.pgp>

On 12/09/13 15:16, No?l K?the wrote:
> Hello,
>
> running on Debian jessie 64bit samba 4.0.8 and bind 9.9 but with the
> description from https://wiki.samba.org/index.php/Dns-backend_bind I run
> into the following problem:
>
> # named -u bind -g 2>&1 |tee named.log
> 12-Sep-2013 15:43:07.287 starting BIND
9.9.3-rpz2+rl.13214.22-P2-Debian-1:9.9.3.dfsg.P2-4 -u bind -g
> 12-Sep-2013 15:43:07.287 built with '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool'
'--enable-shared' '--enable-static'
'--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no'
'--enable-ipv6' '--enable-filter-aaaa'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
> 12-Sep-2013 15:43:07.287
----------------------------------------------------
> 12-Sep-2013 15:43:07.287 BIND 9 is maintained by Internet Systems
Consortium,
> 12-Sep-2013 15:43:07.287 Inc. (ISC), a non-profit 501(c)(3) public-benefit
> 12-Sep-2013 15:43:07.288 corporation.  Support and training for BIND 9 are
> 12-Sep-2013 15:43:07.288 available at https://www.isc.org/support
> 12-Sep-2013 15:43:07.288
----------------------------------------------------
> 12-Sep-2013 15:43:07.288 adjusted limit on open files from 4096 to 1048576
> 12-Sep-2013 15:43:07.288 found 2 CPUs, using 2 worker threads
> 12-Sep-2013 15:43:07.288 using 2 UDP listeners per interface
> 12-Sep-2013 15:43:07.289 using up to 4096 sockets
> 12-Sep-2013 15:43:07.292 loading configuration from
'/etc/bind/named.conf'
> 12-Sep-2013 15:43:07.292 reading built-in trusted keys from file
'/etc/bind/bind.keys'
> 12-Sep-2013 15:43:07.292 using default UDP/IPv4 port range: [1024, 65535]
> 12-Sep-2013 15:43:07.292 using default UDP/IPv6 port range: [1024, 65535]
> 12-Sep-2013 15:43:07.293 listening on IPv6 interfaces, port 53
> 12-Sep-2013 15:43:07.295 listening on IPv4 interface lo, 127.0.0.1#53
> 12-Sep-2013 15:43:07.295 listening on IPv4 interface eth0, 10.1.1.138#53
> 12-Sep-2013 15:43:07.296 generating session key for dynamic DNS
> 12-Sep-2013 15:43:07.296 sizing zone task pool based on 25 zones
> 12-Sep-2013 15:43:07.297 Loading 'AD DNS Zone' using driver dlopen
> 12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'gssapi_spnego'
registered
> 12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'gssapi_krb5'
registered
> 12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend
'gssapi_krb5_sasl' registered
> 12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'schannel'
registered
> 12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'spnego'
registered
> 12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'ntlmssp'
registered
> 12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend 'krb5'
registered
> 12-Sep-2013 15:43:07.313 samba_dlz: GENSEC backend
'fake_gssapi_krb5' registered
> 12-Sep-2013 15:43:07.495 samba_dlz: started for DN DC=domain,DC=de
> 12-Sep-2013 15:43:07.495 samba_dlz: starting configure
> 12-Sep-2013 15:43:07.496 dns_rdata_fromtext: buffer-0x7f1c0cbcd680:1: near
'hostmaster.domain.de': not a valid number
> 12-Sep-2013 15:43:07.496 Failed to put rr
> 12-Sep-2013 15:43:07.496 zone domain.de/NONE: has 0 SOA records
> 12-Sep-2013 15:43:07.496 samba_dlz: Failed to configure zone
'domain.de'
> 12-Sep-2013 15:43:07.497 samba_dlz: shutting down
> 12-Sep-2013 15:43:07.497 loading configuration: bad zone
> 12-Sep-2013 15:43:07.497 exiting (due to fatal error)
>
> The smb.conf is:
> [global]
>     workgroup = domain
>     realm = DOMAIN.DE
>     netbios name = sso-test System
>     server services = -dns
>     wins support = yes
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     syslog only = no
>     syslog = 10
>     panic action = /usr/share/samba/panic-action %d
>     server role = domain controller
>     passdb backend = tdbsam
>     obey pam restrictions = yes
>     unix password sync = yes
>     pam password change = yes
>     map to guest = bad user
>
> [sysvol]
>    path = /var/lib/samba/sysvol
>    read only = no
>
> [netlogon]
>    path = /var/lib/samba/sysvol/domain.de/scripts
>    read only = no
>
> Enabling the internal samba DNS and it works. Kerberos things like kinit
> and klist works.
>
> Commenting the database "dlopen ... in private/named.conf out let the
> bind server start but of course without the samba Zone.
>
> Any idea what could be wrong or how can I debug the wrong zone?
>
> Thank you.
>
> Regards
> 	Noel
>
>
>
How did you provision samba 4?

Rowland

Hello,

I solved my bind problem:

Am Donnerstag, den 12.09.2013, 16:16 +0200 schrieb No?l K?the:
> 12-Sep-2013 15:43:07.495 samba_dlz: started for DN DC=domain,DC=de
> 12-Sep-2013 15:43:07.495 samba_dlz: starting configure
> 12-Sep-2013 15:43:07.496 dns_rdata_fromtext: buffer-0x7f1c0cbcd680:1: near
'hostmaster.domain.de': not a valid number
>    realm = DOMAIN.DE
>    netbios name = sso-test System
The netbios name was "sso-test System" (my failure to add a additional
and wrong space) with the result in the machine account "SSO-TEST SYSTEM
$@DOMAIN.DE" but the system name is just sso-test.

Comment out this option and reprovisioning solves my bind problem. Just
if somebody have the same problem.

Is it worth to file a bug to have the option checked?

-- 
No?l K?the <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.samba.org/pipermail/samba/attachments/20130916/2bf30193/attachment.pgp>