samba - May 2018 - named will not start after upgrade of CentOS

Il 16/05/2018 02:52, me at tdiehl.org ha scritto:
> On Tue, 15 May 2018, Marco Coli via samba wrote:
> 
>>
>> I have the same problem on 3 different machines, different location,
>> different AD domains.
>> For 2 (after the problem occurred on the first one),being Virtual, I
did
>> a snapshot before, so I was able to reverse the problem.
>>
>> sernet-samba-ad-4.8.1-9.el7.x86_64 on all 3. 2 of them are CentOs, the
>> third RHEL. Same behavior.
> 
> I am not sure if it will help but I would try turning up the logging on
> kerberos
> and see it that shows anything interesting. see
>
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Debugging_the_BIND9_DLZ_Module
> 
> for details.
> 
> You might also want to review
>
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Configuring_Kerberos.
> 
> Does Sernet use 2 separate copies of krb5.conf? If yes, are they symlinked?
> The Wiki page specifically says don't do that.
> 
> Are the permissions on krb5.conf set so that users other then root can
> read them. 644?
> 
> I wonder if samba actually uses both copies or just the one in /etc?
> 
> Regards,
> 

I did find the problem is originating with kerberos upgrade. If I
upgrade everything except kerberos rpm to 7.5, dns has no problem.

I will find with log examination where is the problem.

Thank you ALL for the help and suggestions!

On Thu, 17 May 2018 15:06:35 +0200
Marco Coli via samba <samba at lists.samba.org> wrote:
> 
> I did find the problem is originating with kerberos upgrade. If I
> upgrade everything except kerberos rpm to 7.5, dns has no problem.
What kerberos rpm ?
If it is for the server it shouldn't be installed anyway, Samba uses
its own KDC.

Rowland

On Thu, 17 May 2018, Rowland Penny via samba wrote:
> On Thu, 17 May 2018 15:06:35 +0200
> Marco Coli via samba <samba at lists.samba.org> wrote:
>
>>
>> I did find the problem is originating with kerberos upgrade. If I
>> upgrade everything except kerberos rpm to 7.5, dns has no problem.
>
> What kerberos rpm ?
> If it is for the server it shouldn't be installed anyway, Samba uses
> its own KDC.
On Centos 7.5 I suspect he is talking about krb5-libs-1.15.1-19.el7.x86_64

Unfortunately on a Centos 7 machine it gets installed with at system creation
time and cannot be removed without breaking the system.

FWIW,
(vdc2 pts2) # rpm -qf /etc/krb5.conf
krb5-libs-1.15.1-19.el7.x86_64
(vdc2 pts2) #

For giggles I tried to rm it and I get an error when yum tries to rm the
dependencies.

As to the actual problem, my fully updated Centos-7.5 systems are functioning
normally after removing the stupid include line from /etc/krb5.conf.

All of this brings up a different question, Since I use self compiled Samba DCs
my machines have 2 krb5.conf files. One is obviously in /etc/ but the other is
in /usr/local/samba/private/. I know the Wiki says to copy the one in 
/usr/local/samba/private/ to /etc/ but does Samba use the one in 
/usr/local/samba/private/ for anything else other than to seed the one in /etc?

Could /usr/local/samba/private/krb5.conf be removed and still have samba
function properly. I do not want to actually rm it I am just trying to
understand how things work.

Regards

-- 
Tom			me at tdiehl.org