samba - May 2018 - named will not start after upgrade of CentOS

Il 15/05/2018 16:34, Rowland Penny via samba ha scritto:
> On Tue, 15 May 2018 15:54:16 +0200
> Marco Coli <marco.coli.gm at gmail.com> wrote:
> 
>>
>> Hello, the message is exactly the same:
>> mag 15 11:30:20 mail.magigas.local named[30186]: Loading 'AD DNS
Zone'
>> using driver dlopen
>> mag 15 11:30:20 mail.magigas.local named[30186]: dlz_dlopen of 'AD
DNS
>> Zone' failed
>> mag 15 11:30:20 mail.magigas.local named[30186]: SDLZ driver failed
>> to load. mag 15 11:30:20 mail.magigas.local named[30186]: DLZ driver
>> failed to load. mag 15 11:30:20 mail.magigas.local named[30186]:
>> loading configuration: out of memory
>> mag 15 11:30:20 mail.magigas.local named[30186]: exiting (due to fatal
>> error)
>> process exited, code=exited status=1
>> mag 15 11:30:20 mail.magigas.local systemd[1]: named.service: control
>> mag 15 11:30:20 mail.magigas.local systemd[1]: Failed to start
>> Berkeley Internet Name Domain (DNS).
>> mag 15 11:30:20 mail.magigas.local systemd[1]: Unit named.service
>> entered failed state.
>> mag 15 11:30:20 mail.magigas.local systemd[1]: named.service failed.
>>
>> Here is named.conf (at the end I have other zones external to AD):
>>
> 
> A couple of comments, I personally wouldn't have any zones other than
> the AD zones in named conf. You should forward anything outside the AD
> domain to another dns server and talking about forwarders, you
> definitely do not 'forward first'.
> 
> Try reading this:
> 
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
> 
> It might help
> 
> Rowland
Ok, thank for your comments, but the problem is not related to this aspects.
If I remove (prior to the upgrade) all 'aliens' zones, after the upgrade
the problem is the same (I tested before, I tried to 'strip out'
named.conf)
I will try to remove 'forward first' as well, and I will let you know.

The problem seems related to some package updated. If I upgrade
sernet-samba alone to sernet-samba-ad-4.8.1-9.el7.x86_64 (and restart
the service, of course), all is ok, but when I update all others
packages, hell on earth (earth=samba)...

Any clue about wich rpm can be involved? Kernel is out of the picture,
because the problem is present immediately after upgrade, before reboot
in new kernel (but reboot does not help)...

My configuration started with 7.1 and survived happily until now...

Thank you

Am 15.05.2018 um 16:47 schrieb Marco Coli via samba:
> Ok, thank for your comments, but the problem is not related to this
aspects.
> If I remove (prior to the upgrade) all 'aliens' zones, after the
upgrade
> the problem is the same (I tested before, I tried to 'strip out'
named.conf)
> I will try to remove 'forward first' as well, and I will let you
know.
> 
> The problem seems related to some package updated. If I upgrade
> sernet-samba alone to sernet-samba-ad-4.8.1-9.el7.x86_64 (and restart
> the service, of course), all is ok, but when I update all others
> packages, hell on earth (earth=samba)...
> 
> Any clue about wich rpm can be involved? Kernel is out of the picture,
> because the problem is present immediately after upgrade, before reboot
> in new kernel (but reboot does not help)...
> 
> My configuration started with 7.1 and survived happily until now...
CentOS 7.5 updates samba to samba-4.7.1-6.el7.x86_64 which is even newer
than on Fedora 26 (4.6.x) - i guess this is a mix of some config files
edited (and now .rppnew instead overwritten) and some unchanged which
are replaced hence by the upgrade

On Tue, 15 May 2018 16:47:39 +0200
Marco Coli <marco.coli.gm at gmail.com> wrote:
> 
> 
> Il 15/05/2018 16:34, Rowland Penny via samba ha scritto:
> > On Tue, 15 May 2018 15:54:16 +0200
> > Marco Coli <marco.coli.gm at gmail.com> wrote:
> > 
> >>
> >> Hello, the message is exactly the same:
> >> mag 15 11:30:20 mail.magigas.local named[30186]: Loading 'AD
DNS
> >> Zone' using driver dlopen
> >> mag 15 11:30:20 mail.magigas.local named[30186]: dlz_dlopen of
'AD
> >> DNS Zone' failed
> >> mag 15 11:30:20 mail.magigas.local named[30186]: SDLZ driver
failed
> >> to load. mag 15 11:30:20 mail.magigas.local named[30186]: DLZ
> >> driver failed to load. mag 15 11:30:20 mail.magigas.local
> >> named[30186]: loading configuration: out of memory
> >> mag 15 11:30:20 mail.magigas.local named[30186]: exiting (due to
> >> fatal error)
> >> process exited, code=exited status=1
> >> mag 15 11:30:20 mail.magigas.local systemd[1]: named.service:
> >> control mag 15 11:30:20 mail.magigas.local systemd[1]: Failed to
> >> start Berkeley Internet Name Domain (DNS).
> >> mag 15 11:30:20 mail.magigas.local systemd[1]: Unit named.service
> >> entered failed state.
> >> mag 15 11:30:20 mail.magigas.local systemd[1]: named.service
> >> failed.
> >>
> >> Here is named.conf (at the end I have other zones external to AD):
> >>
> > 
> > A couple of comments, I personally wouldn't have any zones other
> > than the AD zones in named conf. You should forward anything
> > outside the AD domain to another dns server and talking about
> > forwarders, you definitely do not 'forward first'.
> > 
> > Try reading this:
> > 
> > https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
> > 
> > It might help
> > 
> > Rowland
> 
> Ok, thank for your comments, but the problem is not related to this
> aspects. If I remove (prior to the upgrade) all 'aliens' zones,
after
> the upgrade the problem is the same (I tested before, I tried to
> 'strip out' named.conf) I will try to remove 'forward
first' as well,
> and I will let you know.
> 
> The problem seems related to some package updated. If I upgrade
> sernet-samba alone to sernet-samba-ad-4.8.1-9.el7.x86_64 (and restart
> the service, of course), all is ok, but when I update all others
> packages, hell on earth (earth=samba)...
> 
> Any clue about wich rpm can be involved? Kernel is out of the picture,
> because the problem is present immediately after upgrade, before
> reboot in new kernel (but reboot does not help)...
Haven't a clue, I do not use such an ossified distro, I prefer mine a
bit more recent ;-)

However, if it works before you upgrade the distro packages, but not
after, then it does seem likely it is something to do with at least
one of the distro packages, possibly Bind9, but it could be anything  

Rowland

Il 15/05/2018 17:01, Rowland Penny via samba ha scritto:
> On Tue, 15 May 2018 16:47:39 +0200
> Marco Coli <marco.coli.gm at gmail.com> wrote:
> 
>>
>>
>> Il 15/05/2018 16:34, Rowland Penny via samba ha scritto:
>>> On Tue, 15 May 2018 15:54:16 +0200
>>> Marco Coli <marco.coli.gm at gmail.com> wrote:
>>>
>>>>
>>>> Hello, the message is exactly the same:
>>>> mag 15 11:30:20 mail.magigas.local named[30186]: Loading
'AD DNS
>>>> Zone' using driver dlopen
>>>> mag 15 11:30:20 mail.magigas.local named[30186]: dlz_dlopen of
'AD
>>>> DNS Zone' failed
>>>> mag 15 11:30:20 mail.magigas.local named[30186]: SDLZ driver
failed
>>>> to load. mag 15 11:30:20 mail.magigas.local named[30186]: DLZ
>>>> driver failed to load. mag 15 11:30:20 mail.magigas.local
>>>> named[30186]: loading configuration: out of memory
>>>> mag 15 11:30:20 mail.magigas.local named[30186]: exiting (due
to
>>>> fatal error)
>>>> process exited, code=exited status=1
>>>> mag 15 11:30:20 mail.magigas.local systemd[1]: named.service:
>>>> control mag 15 11:30:20 mail.magigas.local systemd[1]: Failed
to
>>>> start Berkeley Internet Name Domain (DNS).
>>>> mag 15 11:30:20 mail.magigas.local systemd[1]: Unit
named.service
>>>> entered failed state.
>>>> mag 15 11:30:20 mail.magigas.local systemd[1]: named.service
>>>> failed.
>>>>
>>>> Here is named.conf (at the end I have other zones external to
AD):
>>>>
>>>
>>> A couple of comments, I personally wouldn't have any zones
other
>>> than the AD zones in named conf. You should forward anything
>>> outside the AD domain to another dns server and talking about
>>> forwarders, you definitely do not 'forward first'.
>>>
>>> Try reading this:
>>>
>>> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
>>>
>>> It might help
>>>
>>> Rowland
>>
>> Ok, thank for your comments, but the problem is not related to this
>> aspects. If I remove (prior to the upgrade) all 'aliens' zones,
after
>> the upgrade the problem is the same (I tested before, I tried to
>> 'strip out' named.conf) I will try to remove 'forward
first' as well,
>> and I will let you know.
>>
>> The problem seems related to some package updated. If I upgrade
>> sernet-samba alone to sernet-samba-ad-4.8.1-9.el7.x86_64 (and restart
>> the service, of course), all is ok, but when I update all others
>> packages, hell on earth (earth=samba)...
>>
>> Any clue about wich rpm can be involved? Kernel is out of the picture,
>> because the problem is present immediately after upgrade, before
>> reboot in new kernel (but reboot does not help)...
> 
> Haven't a clue, I do not use such an ossified distro, I prefer mine a
> bit more recent ;-)
Which is? :-)
> However, if it works before you upgrade the distro packages, but not
> after, then it does seem likely it is something to do with at least
> one of the distro packages, possibly Bind9, but it could be anything  
As soon as I will have some time (!) I will try to narrow down the
package involved doing selective upgrade on a test machine... Bind is
top of the guilty list!

Il 15/05/2018 16:51, Reindl Harald via samba ha scritto:
> 
> 
> Am 15.05.2018 um 16:47 schrieb Marco Coli via samba:
>> Ok, thank for your comments, but the problem is not related to this
aspects.
>> If I remove (prior to the upgrade) all 'aliens' zones, after
the upgrade
>> the problem is the same (I tested before, I tried to 'strip
out' named.conf)
>> I will try to remove 'forward first' as well, and I will let
you know.
>>
>> The problem seems related to some package updated. If I upgrade
>> sernet-samba alone to sernet-samba-ad-4.8.1-9.el7.x86_64 (and restart
>> the service, of course), all is ok, but when I update all others
>> packages, hell on earth (earth=samba)...
>>
>> Any clue about wich rpm can be involved? Kernel is out of the picture,
>> because the problem is present immediately after upgrade, before reboot
>> in new kernel (but reboot does not help)...
>>
>> My configuration started with 7.1 and survived happily until now...
> CentOS 7.5 updates samba to samba-4.7.1-6.el7.x86_64 which is even newer
> than on Fedora 26 (4.6.x) - i guess this is a mix of some config files
> edited (and now .rppnew instead overwritten) and some unchanged which
> are replaced hence by the upgrade
samba provided with CentOS is without AD functionality. If you need AD,
you need to compile samba by yourself or use third party repos (as I
did, sernet-samba).

I used successfully this environment on more than 10 server with
centos/RHEL 6.x and 7.x, until last 7.5 update.