samba - Sep 2016 - Segmentation fault in samba_upgradedns - Samba 4.4.5

On 1 September 2016 at 13:15, Rowland Penny via samba <samba at
lists.samba.org
> wrote:
> On Thu, 1 Sep 2016 12:24:38 +0100
> Cameron Murdoch via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > I'm having the following issue when trying to switch from
> > samba_internal to bind9_dlz. I have been following the procedure here:
> >
> > https://wiki.samba.org/index.php/Changing_the_DNS_backend#
> > Changing_from_Samba_Internal_DNS_to_BIND_DLZ
> >
> > I get the following:
> >
> > [root at dc2 ~]# /usr/local/sbin/samba_upgradedns
--dns-backend=BIND9_DLZ
> > Reading domain information
> > Segmentation fault (core dumped)
> >
> > The system is running Freebsd 11.0-RC2. I have two domain controllers
> > and I am attempting this on one of them whilst the other is still
> > running.
> >
> > Filesystem is zfs.
> >
> > Both DCs are running Samba 4.4.5 and are otherwise running well.
> >
> > Any help or suggestions would be most appreciated.
> >
> > Thanks
> > Cameron
>
> I take it you have installed a compatible version of bind9, it is set
> up correctly and it isn't running.
>
> After it prints 'Reading domain information' the script gets info
by
> reading smb.conf etc, it then goes on to check a few things before
> (normally) printing 'DNS accounts already exist'
>
> So as you don't get the last message, it seems likely the problem lies
> in the block of code between the messages.
>
> Can you post the smb.conf from the DC you are trying to upgrade
> What version of bind are you using ?
> can you also post your Bind conf files
>
> Rowland

I have  BIND 9.10.4-P2 installed; I believe that it is setup correctly, and
it is not running.

smb.conf:
# Global parameters
[global]
        netbios name = DC2
        realm = MBOK.CO.UK
        workgroup = MBOK
        server role = active directory domain controller
#       server services = -dns ## This is to uncomment once switched to
bind.##
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 192.168.50.5
        nsupdate command = /usr/local/bin/samba-nsupdate -g

        vfs objects = zfsacl
        store dos attributes = Yes
        ea support = yes
        map acl inherit = Yes

        ## Usee nfsv4 acls
        ##  => See README.nfs4acls.txt for more information
        ## Use OWNER@ and GROUP@ special IDs
        nfs4:mode = special
        ## Merge duplicate ACEs
        nfs4:acedup = merge
        ## Enable changing owner and group
        nfs4:chown = yes

[netlogon]
        path = /var/db/samba4/sysvol/mbok.co.uk/scripts
        read only = No

[sysvol]
        path = /var/db/samba4/sysvol
        read only = No

named.conf to follow.

Many thanks for your help.
C

On Thu, 1 Sep 2016 13:31:57 +0100
Cameron Murdoch via samba <samba at lists.samba.org> wrote:
> On 1 September 2016 at 13:15, Rowland Penny via samba
> <samba at lists.samba.org
> > wrote:
> 
> > On Thu, 1 Sep 2016 12:24:38 +0100
> > Cameron Murdoch via samba <samba at lists.samba.org> wrote:
> >
> > > Hi,
> > >
> > > I'm having the following issue when trying to switch from
> > > samba_internal to bind9_dlz. I have been following the procedure
> > > here:
> > >
> > > https://wiki.samba.org/index.php/Changing_the_DNS_backend#
> > > Changing_from_Samba_Internal_DNS_to_BIND_DLZ
> > >
> > > I get the following:
> > >
> > > [root at dc2 ~]# /usr/local/sbin/samba_upgradedns
> > > --dns-backend=BIND9_DLZ Reading domain information
> > > Segmentation fault (core dumped)
> > >
> > > The system is running Freebsd 11.0-RC2. I have two domain
> > > controllers and I am attempting this on one of them whilst the
> > > other is still running.
> > >
> > > Filesystem is zfs.
> > >
> > > Both DCs are running Samba 4.4.5 and are otherwise running well.
> > >
> > > Any help or suggestions would be most appreciated.
> > >
> > > Thanks
> > > Cameron
> >
> > I take it you have installed a compatible version of bind9, it is
> > set up correctly and it isn't running.
> >
> > After it prints 'Reading domain information' the script gets
info by
> > reading smb.conf etc, it then goes on to check a few things before
> > (normally) printing 'DNS accounts already exist'
> >
> > So as you don't get the last message, it seems likely the problem
> > lies in the block of code between the messages.
> >
> > Can you post the smb.conf from the DC you are trying to upgrade
> > What version of bind are you using ?
> > can you also post your Bind conf files
> >
> > Rowland
> 
> 
> I have  BIND 9.10.4-P2 installed; I believe that it is setup
> correctly, and it is not running.
> 
> smb.conf:
> # Global parameters
> [global]
>         netbios name = DC2
>         realm = MBOK.CO.UK
>         workgroup = MBOK
>         server role = active directory domain controller
> #       server services = -dns ## This is to uncomment once switched
> to bind.##
>         idmap_ldb:use rfc2307 = yes
>         dns forwarder = 192.168.50.5
>         nsupdate command = /usr/local/bin/samba-nsupdate -g
> 
>         vfs objects = zfsacl
>         store dos attributes = Yes
>         ea support = yes
>         map acl inherit = Yes
> 
>         ## Usee nfsv4 acls
>         ##  => See README.nfs4acls.txt for more information
>         ## Use OWNER@ and GROUP@ special IDs
>         nfs4:mode = special
>         ## Merge duplicate ACEs
>         nfs4:acedup = merge
>         ## Enable changing owner and group
>         nfs4:chown = yes
> 
> [netlogon]
>         path = /var/db/samba4/sysvol/mbok.co.uk/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/db/samba4/sysvol
>         read only = No
> 
> named.conf to follow.
> 
> Many thanks for your help.
> C
Everything you have posted so far looks ok, the only only other thought
I have had, how are you running Bind9 ? Are you running it in a
'jail' ? I know little about FreeBSD jails, but from my understanding
they are similar to running something in a 'chroot' and you cannot run
bind9 for a Samba AD DC in a 'chroot'
Also when I asked what user does bind runas, I should have said what
group.

Rowland

On Thu, 1 Sep 2016 14:12:21 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
Trying to understand why you are getting the segfault, I set up freebsd
11.0rc2 in a VM and then installed samba44, I now know where Gentoo
gets its ideas from :)

After freebsd built everything in the chain of required packages, it
finally built Samba, I did notice two things, one it built part (or
perhaps the whole) of Bind 9.8.6 to get nsupdate and it also used Samba
4.3.11 for various libraries.

I then tried to provision Samba, big failure, ZFS doesn't seem to like
ACLs, so if somebody could tell me how to get past this, I would be
very much obliged.

Rowland