lingpanda101 at gmail.com
2016-Apr-28 17:32 UTC
[Samba] RNDC errors using SAMBA_INTERNAL_DNS
On 4/28/2016 1:05 PM, Rowland penny wrote:> On 28/04/16 17:21, Wayne Merricks wrote: >> Hi all, >> >> I've set up a simple domain using Samba 4.4.2 from source under >> Ubuntu 16.04. >> >> I accepted the usual defaults and basically followed wiki.samba.org >> to the letter. The main thing is I'm using Samba's internal DNS and >> not Bind (Bind is not even installed on the system). >> >> In the log.samba file on the first DC I kept getting this: >> >> [2016/04/28 17:01:02.716292, 0] >> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) >> /usr/sbin/rndc: Failed to exec child - No such file or directory >> [2016/04/28 17:01:02.717094, 0] >> ../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done) >> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - >> NT_STATUS_UNSUCCESSFUL >> >> I'm not sure why dns_update would want to use rndc (bind utils) but I >> installed rndc just to see what it would do and now I get this error: >> >> [2016/04/28 17:09:03.095642, 0] >> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) >> /usr/sbin/rndc: rndc: neither /etc/bind/rndc.conf nor >> /etc/bind/rndc.key was found >> [2016/04/28 17:09:03.096090, 0] >> ../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done) >> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - >> NT_STATUS_ACCESS_DENIED >> >> The error makes sense as Bind is not installed but I'm puzzled why it >> wants to do this even though it is set up as Samba Internal DNS. >> >> On the second DC I get tsig verify failure messages but the Google >> consensus seems to be that these are safely ignored under Samba >> Internal DNS: >> >> [2016/04/27 17:35:00.113802, 0] >> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) >> /usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: >> tsig verify failure >> [2016/04/27 17:35:00.296862, 0] >> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) >> /usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: >> tsig verify failure >> [2016/04/27 17:35:00.316968, 0] >> ../source4/dsdb/dns/dns_update.c:295(dnsupdate_nameupdate_done) >> ../source4/dsdb/dns/dns_update.c:295: Failed DNS update - >> NT_STATUS_UNSUCCESSFUL >> >> >> Are either of these errors worth fixing or are they something to live >> with when using Samba Internal DNS? >> >> Regards, >> >> Wayne >> > > Strange, I compiled 4.4.2 myself and I don't have /usr/bin/rndc but > everything is working ok, mind you, I do use Bind9. > > What packages did you install before compiling Samba and what where > your ./configure options ? > > Rowland > >I use Ubuntu 12.04 with Samba 4.4.2 and do not have this issue. It's as if Samba thinks you are using Bind. What is the output of samba-tool testparm -v | grep |"server services =" Is bind installed and or running on this system inadvertently? I'm curious if switching to bind and back to the internal DNS would solve this? 'samba_upgradedns --dns-backend=BIND9_DLZ' then 'samba_upgradedns --dns-backend=SAMBA_INTERNAL' Shutdown Samba first. The tsig error you can safely ignore. Secure updates last I checked still don't work. -- -James
Hi, I installed the dependencies direct from the Debian/Ubuntu pre-reqs on the samba wiki here: https://wiki.samba.org/index.php/Operating_system_requirements/Dependencies_-_Libraries_and_programs#Debian_.2F_Ubuntu Then just a straight forward configure with no options as per this page: https://wiki.samba.org/index.php/Build_Samba_from_source Everything seems to work it (joining domains, logging in etc however I don't have dhcp set up on the DC yet) just seems odd that it is trying to use bind components. Regards, Wayne On 28/04/16 18:32, lingpanda101 at gmail.com wrote:> On 4/28/2016 1:05 PM, Rowland penny wrote: >> On 28/04/16 17:21, Wayne Merricks wrote: >>> Hi all, >>> >>> I've set up a simple domain using Samba 4.4.2 from source under >>> Ubuntu 16.04. >>> >>> I accepted the usual defaults and basically followed wiki.samba.org >>> to the letter. The main thing is I'm using Samba's internal DNS and >>> not Bind (Bind is not even installed on the system). >>> >>> In the log.samba file on the first DC I kept getting this: >>> >>> [2016/04/28 17:01:02.716292, 0] >>> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) >>> /usr/sbin/rndc: Failed to exec child - No such file or directory >>> [2016/04/28 17:01:02.717094, 0] >>> ../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done) >>> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - >>> NT_STATUS_UNSUCCESSFUL >>> >>> I'm not sure why dns_update would want to use rndc (bind utils) but >>> I installed rndc just to see what it would do and now I get this error: >>> >>> [2016/04/28 17:09:03.095642, 0] >>> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) >>> /usr/sbin/rndc: rndc: neither /etc/bind/rndc.conf nor >>> /etc/bind/rndc.key was found >>> [2016/04/28 17:09:03.096090, 0] >>> ../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done) >>> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - >>> NT_STATUS_ACCESS_DENIED >>> >>> The error makes sense as Bind is not installed but I'm puzzled why >>> it wants to do this even though it is set up as Samba Internal DNS. >>> >>> On the second DC I get tsig verify failure messages but the Google >>> consensus seems to be that these are safely ignored under Samba >>> Internal DNS: >>> >>> [2016/04/27 17:35:00.113802, 0] >>> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) >>> /usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: >>> tsig verify failure >>> [2016/04/27 17:35:00.296862, 0] >>> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) >>> /usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: >>> tsig verify failure >>> [2016/04/27 17:35:00.316968, 0] >>> ../source4/dsdb/dns/dns_update.c:295(dnsupdate_nameupdate_done) >>> ../source4/dsdb/dns/dns_update.c:295: Failed DNS update - >>> NT_STATUS_UNSUCCESSFUL >>> >>> >>> Are either of these errors worth fixing or are they something to >>> live with when using Samba Internal DNS? >>> >>> Regards, >>> >>> Wayne >>> >> >> Strange, I compiled 4.4.2 myself and I don't have /usr/bin/rndc but >> everything is working ok, mind you, I do use Bind9. >> >> What packages did you install before compiling Samba and what where >> your ./configure options ? >> >> Rowland >> >> > > I use Ubuntu 12.04 with Samba 4.4.2 and do not have this issue. It's > as if Samba thinks you are using Bind. What is the output of > > samba-tool testparm -v | grep |"server services =" > > Is bind installed and or running on this system inadvertently? I'm > curious if switching to bind and back to the internal DNS would solve > this? > > 'samba_upgradedns --dns-backend=BIND9_DLZ' > > then > > 'samba_upgradedns --dns-backend=SAMBA_INTERNAL' > > Shutdown Samba first. > > The tsig error you can safely ignore. Secure updates last I checked > still don't work. >
On Fri, 2016-04-29 at 11:37 +0100, Wayne Merricks wrote:> Hi, > > I installed the dependencies direct from the Debian/Ubuntu pre-reqs > on > the samba wiki here: > > https://wiki.samba.org/index.php/Operating_system_requirements/Depend > encies_-_Libraries_and_programs#Debian_.2F_Ubuntu > > Then just a straight forward configure with no options as per this > page: > > https://wiki.samba.org/index.php/Build_Samba_from_source > > Everything seems to work it (joining domains, logging in etc however > I > don't have dhcp set up on the DC yet) just seems odd that it is > trying > to use bind components.We should probably check for in-directory DNS records and then skip this call in that case. You are welcome to file a bug. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba