samba - Nov 2017 - Samba 4.7.1 Switching from SAMBA_INTERNAL to BIND_DLZ failed

Hi Rowland!

Yes there are samba packages installed:

[root at testdc1 ~]# rpm -qa | grep samba
samba-client-libs-4.6.2-11.el7_4.x86_64
samba-winbind-modules-4.6.2-11.el7_4.x86_64
samba-common-libs-4.6.2-11.el7_4.x86_64
samba-common-4.6.2-11.el7_4.noarch
samba-common-tools-4.6.2-11.el7_4.x86_64
samba-libs-4.6.2-11.el7_4.x86_64

And there are seven zones because of /etc/named.rfc1912.zones:

// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

//zone "localhost" IN {
//      type master;
//      file "named.localhost";
//      allow-update { none; };
//};

zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };


};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

And the localhost zones from the wiki.

On Fri, Nov 24, 2017 at 10:59 PM, Rowland Penny via samba
<samba at lists.samba.org> wrote:
> On Fri, 24 Nov 2017 22:11:17 +0100
> Sina Owolabi via samba <samba at lists.samba.org> wrote:
>
>> Hi List!
>>
>> Im trying to switch from using the samba internal dns to bind.
>> Im running a self-compiled samba 4.7.1 pair of DCs on Centos 7.2.
>>
>> After following the steps in the wiki, named refuses to start with
>> this error:
>>
>> ● named.service - Berkeley Internet Name Domain (DNS)
>>    Loaded: loaded (/usr/lib/systemd/system/named.service; enabled;
>> vendor preset: disabled)
>>    Active: failed (Result: exit-code) since Fri 2017-11-24 21:58:41
>> WAT; 4min 10s ago
>>   Process: 9321 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF}
>> $OPTIONS (code=exited, status=1/FAILURE)
>>   Process: 9318 ExecStartPre=/bin/bash -c if [ !
>> "$DISABLE_ZONE_CHECKING" == "yes" ]; then
/usr/sbin/named-checkconf -z
>> "$NAMEDCONF"; else echo "Checking of zone files is
disabled"; fi
>> (code=exited, status=0/SUCCESS)
>>  Main PID: 8949 (code=exited, status=0/SUCCESS)
>>
>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]: listening
>> on IPv6 interface lo, ::1#53
>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]:
>> generating session key for dynamic DNS
>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]: sizing
>> zone task pool based on 7 zones
>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]: Loading
>> 'AD DNS Zone' using driver dlopen
>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]:
>> dlz_dlopen failed to open library
>> '/usr/local/samba/lib/bind9/dlz_bind9_9.so' -
>> /usr/lib64/samba/libreplace-samba4.so: version `SAMBA_4.7.1' not
found
>> (required by /usr/local/samba/lib/libsamba-util.so.0)
>
> Do you have any samba packages installed ?
>
> It looks like the wrong file is being found, it should be here:
>
> /usr/local/samba/lib/private/libreplace-samba4.so
>
> Also, why are there '7' zones ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Hi Rowland!

I've uninstalled the samba packages and their dependencies, and now
the error is:

Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]:
samba_dlz: Failed to connect to /usr/local/samba/private/dns/sam.ldb
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]:
dlz_dlopen of 'AD DNS Zone' failed
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]: SDLZ
driver failed to load.
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]: DLZ
driver failed to load.
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]: loading
configuration: failure
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]: exiting
(due to fatal error)
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com systemd[1]:
named.service: control process exited, code=exited status=1
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com systemd[1]: Failed to
start Berkeley Internet Name Domain (DNS).
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com systemd[1]: Unit
named.service entered failed state.
Nov 24 23:29:16 testdc1.mytestdom.testsamba.com systemd[1]:
named.service failed.

I have also messed up the permissions on /usr/local/samba. :-S
Would it make more sense to reprovision?

On Fri, Nov 24, 2017 at 11:27 PM, Sina Owolabi <notify.sina at gmail.com>
wrote:
> Hi Rowland!
>
> Yes there are samba packages installed:
>
> [root at testdc1 ~]# rpm -qa | grep samba
> samba-client-libs-4.6.2-11.el7_4.x86_64
> samba-winbind-modules-4.6.2-11.el7_4.x86_64
> samba-common-libs-4.6.2-11.el7_4.x86_64
> samba-common-4.6.2-11.el7_4.noarch
> samba-common-tools-4.6.2-11.el7_4.x86_64
> samba-libs-4.6.2-11.el7_4.x86_64
>
> And there are seven zones because of /etc/named.rfc1912.zones:
>
> // Provided by Red Hat caching-nameserver package
> //
> // ISC BIND named zone configuration for zones recommended by
> // RFC 1912 section 4.1 : localhost TLDs and address zones
> // and
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
> // (c)2007 R W Franks
> //
> // See /usr/share/doc/bind*/sample/ for example named configuration files.
> //
>
> zone "localhost.localdomain" IN {
>         type master;
>         file "named.localhost";
>         allow-update { none; };
> };
>
> //zone "localhost" IN {
> //      type master;
> //      file "named.localhost";
> //      allow-update { none; };
> //};
>
> zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
> IN {
>         type master;
>         file "named.loopback";
>         allow-update { none; };
> };
>
> zone "1.0.0.127.in-addr.arpa" IN {
>         type master;
>         file "named.loopback";
>         allow-update { none; };
>
>
> };
>
> zone "0.in-addr.arpa" IN {
>         type master;
>         file "named.empty";
>         allow-update { none; };
> };
>
> And the localhost zones from the wiki.
>
> On Fri, Nov 24, 2017 at 10:59 PM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>> On Fri, 24 Nov 2017 22:11:17 +0100
>> Sina Owolabi via samba <samba at lists.samba.org> wrote:
>>
>>> Hi List!
>>>
>>> Im trying to switch from using the samba internal dns to bind.
>>> Im running a self-compiled samba 4.7.1 pair of DCs on Centos 7.2.
>>>
>>> After following the steps in the wiki, named refuses to start with
>>> this error:
>>>
>>> ● named.service - Berkeley Internet Name Domain (DNS)
>>>    Loaded: loaded (/usr/lib/systemd/system/named.service; enabled;
>>> vendor preset: disabled)
>>>    Active: failed (Result: exit-code) since Fri 2017-11-24 21:58:41
>>> WAT; 4min 10s ago
>>>   Process: 9321 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF}
>>> $OPTIONS (code=exited, status=1/FAILURE)
>>>   Process: 9318 ExecStartPre=/bin/bash -c if [ !
>>> "$DISABLE_ZONE_CHECKING" == "yes" ]; then
/usr/sbin/named-checkconf -z
>>> "$NAMEDCONF"; else echo "Checking of zone files is
disabled"; fi
>>> (code=exited, status=0/SUCCESS)
>>>  Main PID: 8949 (code=exited, status=0/SUCCESS)
>>>
>>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]:
listening
>>> on IPv6 interface lo, ::1#53
>>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]:
>>> generating session key for dynamic DNS
>>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]: sizing
>>> zone task pool based on 7 zones
>>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]:
Loading
>>> 'AD DNS Zone' using driver dlopen
>>> Nov 24 21:58:41 testdc1.mytestdom.testsamba.com named[9323]:
>>> dlz_dlopen failed to open library
>>> '/usr/local/samba/lib/bind9/dlz_bind9_9.so' -
>>> /usr/lib64/samba/libreplace-samba4.so: version `SAMBA_4.7.1'
not found
>>> (required by /usr/local/samba/lib/libsamba-util.so.0)
>>
>> Do you have any samba packages installed ?
>>
>> It looks like the wrong file is being found, it should be here:
>>
>> /usr/local/samba/lib/private/libreplace-samba4.so
>>
>> Also, why are there '7' zones ?
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

On Fri, 24 Nov 2017 23:32:31 +0100
Sina Owolabi <notify.sina at gmail.com> wrote:
> Hi Rowland!
> 
> I've uninstalled the samba packages and their dependencies, and now
> the error is:
> 
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]:
> samba_dlz: Failed to connect to /usr/local/samba/private/dns/sam.ldb
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]:
> dlz_dlopen of 'AD DNS Zone' failed
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]: SDLZ
> driver failed to load.
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]: DLZ
> driver failed to load.
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]: loading
> configuration: failure
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com named[9501]: exiting
> (due to fatal error)
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com systemd[1]:
> named.service: control process exited, code=exited status=1
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com systemd[1]: Failed to
> start Berkeley Internet Name Domain (DNS).
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com systemd[1]: Unit
> named.service entered failed state.
> Nov 24 23:29:16 testdc1.mytestdom.testsamba.com systemd[1]:
> named.service failed.
> 
> I have also messed up the permissions on /usr/local/samba. :-S
> Would it make more sense to reprovision?
> 
Have a read here before you do anything as drastic as re-provisioning:

https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End

Rowland