On 12/31/2015 10:34 AM, Rowland penny wrote:
> On 31/12/15 15:27, James wrote:
>> On 12/31/2015 10:10 AM, Rowland penny wrote:
>>> On 31/12/15 14:43, James wrote:
>>>> On 12/30/2015 4:14 PM, Rowland penny wrote:
>>>>> ./configure --prefix=/usr --mandir=/usr/share/man
>>>>> --infodir=/usr/share/info --sysconfdir=/etc/bind
>>>>> --localstatedir=/var --enable-threads --enable-largefile
>>>>> --with-libtool --enable-shared --enable-static --with-openssl=/usr
>>>>> --with-gssapi=/usr --with-dlopen=yes --with-gnu-ld --enable-ipv6
>>>>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2'
>>>>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro'
>>>>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
>>>> I seem to have a few errors in my syslog.
>>>>
>>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
>>>> '/var/run/named': Permission denied
>>>> Dec 31 09:35:17 VMDC1 named[24025]: generating session key for
>>>> dynamic DNS
>>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
>>>> '/var/run/named': Permission denied
>>>> Dec 31 09:35:17 VMDC1 named[24025]: could not create
>>>> /var/run/named/session.key
>>>> Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session key
>>>> for dynamic DNS: permission denied
>>>> Dec 31 09:35:17 VMDC1 named[24025]: sizing zone task pool based on
>>>> 3 zones
>>>> Dec 31 09:35:17 VMDC1 named[24025]: set up managed keys zone for
>>>> view _default, file 'managed-keys.bind'
>>>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel
>>>> from '/etc/bind/rndc.key'
>>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel
>>>> 127.0.0.1#953: file not found
>>>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel
>>>> from '/etc/bind/rndc.key'
>>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel
>>>> ::1#953: file not found
>>>> Dec 31 09:35:17 VMDC1 named[24025]: the working directory is not
>>>> writable
>>>> Dec 31 09:35:17 VMDC1 named[24025]: managed-keys-zone: loaded serial 0
>>>> Dec 31 09:35:17 VMDC1 named[24025]: zone 0.0.127.in-addr.arpa/IN:
>>>> loaded serial 2013050101
>>>> Dec 31 09:35:17 VMDC1 named[24025]: zone localhost/IN: loaded
>>>> serial 2013050101
>>>> Dec 31 09:35:17 VMDC1 named[24025]: all zones loaded
>>>> Dec 31 09:35:17 VMDC1 named[24025]: running
>>>>
>>>> I compiled using 9.9.8-P2 and your suggested configure options. I
>>>> see /run is owned by root:root. Should I give group 'named'
>>>> permission to this folder? It's not documented in the wiki as needed.
>>>>
>>>
>>> Did you run 'make install' as root or via sudo ? sorry, but I should
>>> have been a bit more explicit. I don't remember having to change
>>> anything. I will dig out my notes and see if there was anything else.
>>>
>>> Rowland
>>>
>>>
>> I did everything as root.
>>
>
> Can you post your bind conf files, and your bind init file
> Also does /var/run exist
>
> Rowland
>
>
>
I forgot, I do not want to update the distro at the moment. My production is currently on 12.04. Want to keep things symmetrical. I'm going to compile and build bind again.

mount | grep /run
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)

--
-James

On 31.12.2015 at 16:51, James wrote:
> I forgot, I do not want to update the distro at the moment. My
> production is currently on 12.04. Want to keep things symmetrical. I'm
> going to compile and build bind again.
>
> mount | grep /run
> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
> none on /run/shm type tmpfs (rw,nosuid,nodev)

so it's like on every recent distribution not persistent
https://www.google.at/#q=ubuntu+12.04+/var/run

http://askubuntu.com/questions/303120/how-folders-created-in-var-run-on-each-reboot

On 12/31/2015 11:01 AM, Reindl Harald wrote:
>
>
> On 31.12.2015 at 16:51, James wrote:
>> I forgot, I do not want to update the distro at the moment. My
>> production is currently on 12.04. Want to keep things symmetrical. I'm
>> going to compile and build bind again.
>>
>> mount | grep /run
>> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
>> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
>> none on /run/shm type tmpfs (rw,nosuid,nodev)
>
> so it's like on every recent distribution not persistent
> https://www.google.at/#q=ubuntu+12.04+/var/run
>
> http://askubuntu.com/questions/303120/how-folders-created-in-var-run-on-each-reboot
>
>
>
>
That second link proved helpful. Thank you. The errors I posted were prior to using an init script. Creating one and using the following eliminated the errors.

cat /etc/init/bind9.conf
# bind9 - bind9 job file

description "bind9 Domain Name Server For Samba4"

start on runlevel [2345]
stop on runlevel [!2345]

pre-start script
    mkdir -p -m0777 /run/named
    chown root:named /run/named
end script

exec /usr/sbin/named -u named

Do the permissions look about right for /run?

I now get these errors.

Dec 31 12:01:59 VMDC1 named[939]: configuring command channel from '/etc/bind/rndc.key'
Dec 31 12:01:59 VMDC1 named[939]: couldn't add command channel 127.0.0.1#953: file not found
Dec 31 12:01:59 VMDC1 named[939]: configuring command channel from '/etc/bind/rndc.key'
Dec 31 12:01:59 VMDC1 named[939]: couldn't add command channel ::1#953: file not found
Dec 31 12:01:59 VMDC1 named[939]: the working directory is not writable

If I make /etc/bind writable via the init script, I still get these messages. Maybe it's referring to another folder?

--
-James

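A least-privilege variant of the pre-start step in the job file above, as an added example that is not part of the original post: it creates named's runtime directory writable for root and the named group only, and verifies that the result is not world-writable. The mode 0770, the helper names make_runtime_dir and dir_not_world_writable, and the scratch-directory demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: least-privilege runtime directory for named.
# Assumed names (not from the thread): make_runtime_dir, dir_not_world_writable.

# Succeeds only if $1 is a real directory (not a symlink) without the o+w bit.
dir_not_world_writable() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    # find prints the path only when "other" has write permission
    [ -z "$(find "$1" -prune -perm -0002 -print)" ]
}

# make_runtime_dir DIR MODE [GROUP]
# Creates DIR and then forces MODE with chmod: "mkdir -p -m MODE" leaves the
# mode of an already existing directory untouched, so a restart of the job
# would keep an earlier 0777. chgrp needs root (or membership of GROUP).
make_runtime_dir() {
    mkdir -p "$1" || return 1
    [ ! -L "$1" ] || return 1          # refuse to chmod through a symlink
    chmod "$2" "$1" || return 1
    if [ -n "$3" ]; then
        chgrp "$3" "$1" || return 1
    fi
    dir_not_world_writable "$1"
}

# In the job file's pre-start script this would be (assumed mode 0770,
# owner root, group named, so only root and the named group can write):
#   make_runtime_dir /run/named 0770 named

# Demo on a constructed scratch directory, runnable without root.
demo=$(mktemp -d)
mkdir -m 0777 "$demo/named"
dir_not_world_writable "$demo/named" || echo "0777: world-writable, rejected"
make_runtime_dir "$demo/named" 0770 "" && echo "0770: accepted"
rm -rf "$demo"
```

A directory with mode 0777 and no sticky bit lets any local account delete or replace the entries in it, which here would include the session.key that named writes for dynamic DNS.
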
On 12/31/2015 11:01 AM, Reindl Harald wrote:
>
>
> On 31.12.2015 at 16:51, James wrote:
>> I forgot, I do not want to update the distro at the moment. My
>> production is currently on 12.04. Want to keep things symmetrical. I'm
>> going to compile and build bind again.
>>
>> mount | grep /run
>> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
>> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
>> none on /run/shm type tmpfs (rw,nosuid,nodev)
>
> so it's like on every recent distribution not persistent
> https://www.google.at/#q=ubuntu+12.04+/var/run
>
> http://askubuntu.com/questions/303120/how-folders-created-in-var-run-on-each-reboot
>
>
>
>
I think I can safely ignore these warnings for

configuring command channel from '/etc/bind/rndc.key'
couldn't add command channel 127.0.0.1#953: file not found

It appears rndc is for the following.

"BIND includes a utility called rndc which allows command line administration of the named daemon from the localhost or a remote host."

I will be using either samba-tool or Microsoft tools to manage the dns.

--
-James

On 12/31/2015 11:01 AM, Reindl Harald wrote:
>
>
> On 31.12.2015 at 16:51, James wrote:
>> I forgot, I do not want to update the distro at the moment. My
>> production is currently on 12.04. Want to keep things symmetrical. I'm
>> going to compile and build bind again.
>>
>> mount | grep /run
>> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
>> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
>> none on /run/shm type tmpfs (rw,nosuid,nodev)
>
> so it's like on every recent distribution not persistent
> https://www.google.at/#q=ubuntu+12.04+/var/run
>
> http://askubuntu.com/questions/303120/how-folders-created-in-var-run-on-each-reboot
>
>
>
>
It appears I'm running into issues with the actual switch to bind.

loading configuration from '/etc/bind/named.conf'
Dec 31 12:48:49 VMDC1 named[918]: /usr/local/samba/private/named.conf.update:2: unknown option 'update-policy'
Dec 31 12:48:49 VMDC1 named[918]: /etc/bind/named.conf:54: unknown option 'tkey-gssapi-keytab'
Dec 31 12:48:49 VMDC1 named[918]: loading configuration: failure

The wiki says

During provisioning/upgrading, a file ('/usr/local/samba/private/named.conf') was created, this must be included in your BIND named.conf:

include "/usr/local/samba/private/named.conf";

Mine actually is labeled 'named.conf.update'. Should I rename?

I also added per the wiki

tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

cat /etc/bind/named.conf
# /etc/bind/named.conf
# Global BIND configuration options

include "/usr/local/samba/private/named.conf.update";

options {
    auth-nxdomain yes;
    directory "/var/named";
    notify no;
    empty-zones-enable no;

    allow-query {
        127.0.0.1;
        192.168.1.0/24;
        # add other networks you want to allow to query your DNS
    };

    allow-recursion {
        192.168.1.0/24;
        # add other networks you want to allow to do recursive queries
    };

    forwarders {
        # Google public DNS server here - replace with your own if necessary
        8.8.8.8;
        8.8.4.4;
    };

    allow-transfer {
        # this config is for a single master DNS server
        none;
    };
};

# Root servers (required zone for recursive queries)
zone "." {
    type hint;
    file "named.root";
};

# Required localhost forward-/reverse zones
zone "localhost" {
    type master;
    file "master/localhost.zone";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};

tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
};

--
-James

On 12/31/2015 11:01 AM, Reindl Harald wrote:
>
>
> On 31.12.2015 at 16:51, James wrote:
>> I forgot, I do not want to update the distro at the moment. My
>> production is currently on 12.04. Want to keep things symmetrical. I'm
>> going to compile and build bind again.
>>
>> mount | grep /run
>> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
>> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
>> none on /run/shm type tmpfs (rw,nosuid,nodev)
>
> so it's like on every recent distribution not persistent
> https://www.google.at/#q=ubuntu+12.04+/var/run
>
> http://askubuntu.com/questions/303120/how-folders-created-in-var-run-on-each-reboot
>
>
>
>
It appears named.conf isn't created until after invoking the actual upgrade command. Corrected that issue. I now see named.conf in /usr/local/samba/private

However I still seem to have the

/etc/bind/named.conf:54: unknown option 'tkey-gssapi-keytab'

--
-James

On 12/31/2015 11:01 AM, Reindl Harald wrote:
>
>
> On 31.12.2015 at 16:51, James wrote:
>> I forgot, I do not want to update the distro at the moment. My
>> production is currently on 12.04. Want to keep things symmetrical. I'm
>> going to compile and build bind again.
>>
>> mount | grep /run
>> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
>> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
>> none on /run/shm type tmpfs (rw,nosuid,nodev)
>
> so it's like on every recent distribution not persistent
> https://www.google.at/#q=ubuntu+12.04+/var/run
>
> http://askubuntu.com/questions/303120/how-folders-created-in-var-run-on-each-reboot
>
>
>
>
OK I think I solved the tkey-gssapi issue. Apparently it wasn't in the correct location in named.conf. The syslog no longer shows any meaningful bind errors. Looking at the samba log I do see some.

[2015/12/31 13:22:46.466800, 0] ../source4/smbd/server.c:370(binary_smbd_main)
  samba version 4.2.5 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2014
ldb: unable to dlopen /usr/local/samba/lib/ldb/dns_notify.so : /usr/local/samba/lib/private/liberrors-samba4.so: version `SAMBA_4.3.0' not found (required by /usr/local/samba/lib/ldb/dns_notify.so)
ldb: unable to dlopen /usr/local/samba/lib/ldb/tombstone_reanimate.so : /usr/local/samba/lib/private/libdsdb-module-samba4.so: version `SAMBA_4.3.0' not found (required by /usr/local/samba/lib/ldb/tombstone_reanimate.so)
[2015/12/31 13:22:48.050030, 0] ../source4/smbd/server.c:488(binary_smbd_main)
  samba: using 'standard' process model
[2015/12/31 13:22:48.358595, 0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'samba' finished starting up and ready to serve connections
[2015/12/31 13:22:50.709103, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
  /usr/local/samba/sbin/samba_spnupdate: ldb: unable to dlopen /usr/local/samba/lib/ldb/dns_notify.so : /usr/local/samba/lib/private/liberrors-samba4.so: version `SAMBA_4.3.0' not found (required by /usr/local/samba/lib/ldb/dns_notify.so)
[2015/12/31 13:22:51.022158, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
  /usr/local/samba/sbin/samba_spnupdate: ldb: unable to dlopen /usr/local/samba/lib/ldb/tombstone_reanimate.so : /usr/local/samba/lib/private/libdsdb-module-samba4.so: version `SAMBA_4.3.0' not found (required by /usr/local/samba/lib/ldb/tombstone_reanimate.so)
[2015/12/31 13:22:51.377786, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
  /usr/local/samba/sbin/samba_dnsupdate: ldb: unable to dlopen /usr/local/samba/lib/ldb/dns_notify.so : /usr/local/samba/lib/private/liberrors-samba4.so: version `SAMBA_4.3.0' not found (required by /usr/local/samba/lib/ldb/dns_notify.so)
[2015/12/31 13:22:51.800456, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
  /usr/local/samba/sbin/samba_dnsupdate: ldb: unable to dlopen /usr/local/samba/lib/ldb/tombstone_reanimate.so : /usr/local/samba/lib/private/libdsdb-module-samba4.so: version `SAMBA_4.3.0' not found (required by /usr/local/samba/lib/ldb/tombstone_reanimate.so)

I need to update to Samba 4.3 in order to resolve this. What exactly do I lose by not updating?

--
-James