I am working towards joining my second DC to the first.

If I am understanding:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
correctly I am to get bind9 working properly before the join should happen.

I am getting this:

> root@dc2:~# systemctl status bind9
> ● bind9.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
>    Active: failed (Result: exit-code) since Mon 2020-10-12 08:53:06 CDT; 2min 38s ago
>      Docs: man:named(8)
>   Process: 560 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=1/FAILURE)
>
> Oct 12 08:53:06 dc2 named[561]: samba_dlz: Failed to connect to Failed to connect to */var/lib/samba/private/dns/sam.ldb*: Unable to open tdb '/var/lib/samba/private/dns/sam.ldb': No such file or directory: Operations error
> Oct 12 08:53:06 dc2 named[561]: samba_dlz: FAILED dlz_create call result=25 #refs=0
> Oct 12 08:53:06 dc2 named[561]: dlz_dlopen of 'AD DNS Zone' failed
> Oct 12 08:53:06 dc2 named[561]: SDLZ driver failed to load.
> Oct 12 08:53:06 dc2 named[561]: DLZ driver failed to load.
> Oct 12 08:53:06 dc2 named[561]: loading configuration: failure
> Oct 12 08:53:06 dc2 named[561]: exiting (due to fatal error)
> Oct 12 08:53:06 dc2 systemd[1]: bind9.service: Control process exited, code=exited, status=1/FAILURE
> Oct 12 08:53:06 dc2 systemd[1]: bind9.service: Failed with result 'exit-code'.
> Oct 12 08:53:06 dc2 systemd[1]: Failed to start BIND Domain Name Server.

And this:

> root@dc2:~# journalctl -xe
> Oct 12 08:53:06 dc2 named[561]: SDLZ driver failed to load.
> Oct 12 08:53:06 dc2 named[561]: DLZ driver failed to load.
> Oct 12 08:53:06 dc2 named[561]: loading configuration: failure
> Oct 12 08:53:06 dc2 named[561]: exiting (due to fatal error)
> Oct 12 08:53:06 dc2 systemd[1]: bind9.service: Control process exited, code=exited, status=1/FAILURE
> -- Subject: Unit process exited
> -- Defined-By: systemd
> -- Support: https://www.debian.org/support
> --
> -- An ExecStart= process belonging to unit bind9.service has exited.
> --
> -- The process' exit code is 'exited' and its exit status is 1.
> Oct 12 08:53:06 dc2 systemd[1]: bind9.service: Failed with result 'exit-code'.
> -- Subject: Unit failed
> -- Defined-By: systemd
> -- Support: https://www.debian.org/support
> --
> -- The unit bind9.service has entered the 'failed' state with result 'exit-code'.
> Oct 12 08:53:06 dc2 systemd[1]: Failed to start BIND Domain Name Server.
> -- Subject: A start job for unit bind9.service has failed
> -- Defined-By: systemd
> -- Support: https://www.debian.org/support
> --
> -- A start job for unit bind9.service has finished with a failure.
> --
> -- The job identifier is 338 and the job result is failed.
> Oct 12 08:54:59 dc2 sshd[570]: Connection closed by 192.168.0.22 port 38620 [preauth]
> lines 1640-1666/1666 (END)

I have been through the bind9 changes many times. Compared the changes to the first DC and cannot see any difference. But, I cannot figure out why bind is looking here: '/var/lib/samba/private/dns/sam.ldb'.

Here are my:

> root@dc2:~# cat /etc/bind/named.conf
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
> // structure of BIND configuration files in Debian, *BEFORE* you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
>
> root@dc2:~# cat /etc/bind/named.conf.options
> options {
>     directory "/var/cache/bind";
>
>     // If there is a firewall between you and nameservers you want
>     // to talk to, you may need to fix the firewall to allow multiple
>     // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
>     // If your ISP provided one or more IP addresses for stable
>     // nameservers, you probably want to use them as forwarders.
>     // Uncomment the following block, and insert the addresses replacing
>     // the all-0's placeholder.
>
>     // forwarders {
>     forwarders { 8.8.8.8; 8.8.4.4; };
>     // 0.0.0.0;
>     // };
>
>     //=======================================================================
>     // If BIND logs error messages about the root key being expired,
>     // you will need to update your keys. See https://www.isc.org/bind-keys
>     //=======================================================================
>     dnssec-validation auto;
>
>     listen-on-v6 { any; };
>     empty-zones-enable no;
>     // https://wiki.samba.org/index.php/Dns-backend_bind
>     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> };
>
> root@dc2:~# cat /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
> // adding the dlopen ( Bind DLZ ) module for samba.
> // at install debian already sets the correct bind9.XX version in this file below.
> include "/var/lib/samba/bind-dns/named.conf";
>
> root@dc2:~# cat /etc/bind/named.conf.default-zones
> // prime the server with knowledge of the root servers
> zone "." {
>     type hint;
>     file "/usr/share/dns/root.hints";
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
>     type master;
>     file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
>     type master;
>     file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
>     type master;
>     file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
>     type master;
>     file "/etc/bind/db.255";
> };

Am I overlooking something?

On 12/10/2020 15:17, Robert Wooden via samba wrote:
> I am working towards joining my second DC to the first.
>
> If I am understanding:
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> correctly I am to get bind9 working properly before the join should happen.
>
> I am getting this:
>
>> root@dc2:~# systemctl status bind9
>> ● bind9.service - BIND Domain Name Server
>>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
>>    Active: failed (Result: exit-code) since Mon 2020-10-12 08:53:06 CDT; 2min 38s ago
>>      Docs: man:named(8)
>>   Process: 560 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=1/FAILURE)
>>
>> Oct 12 08:53:06 dc2 named[561]: samba_dlz: Failed to connect to Failed to connect to */var/lib/samba/private/dns/sam.ldb*: Unable to open tdb '/var/lib/samba/private/dns/sam.ldb': No such file or directory: Operations error

var/lib/samba/private/dns has been replaced by /var/lib/samba/bind-dns/dns

Rowland

Yes, I am aware of the replacement but, my /etc/bind/named.conf.options is set "tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";".

I cannot find any config file setting that "points" to the old directory (private/dns)? How can bind be looking in the incorrect directory when set to "/var/lib/samba/bind-dns/..."?

Should I "forcibly" reinstall bind9 and check settings?

Hai,

I'll reply later on other mails guys, but I'm in the last phase of my servers move/merge and that has prio now.

# create the folder with the correct group and rights
# (a directory needs the execute bit to be entered, so 770).
install -d /var/lib/samba/bind-dns -o root -g bind -m 770

# to be safe we set the dns subfolder also.
chgrp bind /var/lib/samba/bind-dns/dns

# and we set the keytab file to be sure.
chmod 640 /var/lib/samba/bind-dns/dns.keytab
chgrp bind /var/lib/samba/bind-dns/dns.keytab

bind.name.options

// Allow Dynamic updates for Samba Bind_DLZ
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
auth-nxdomain yes;
minimal-responses yes;

And
/etc/bind/named.conf.local
// at install debian already sets the correct bind9.XX version in this file below.
include "/var/lib/samba/bind-dns/named.conf";

Greetz,

Louis

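The ownership and mode settings from the reply above, together with the sam.ldb path from the error log, expressed as a check script. This is an added example, not part of the thread or of Samba's tooling; the function names are hypothetical, and it assumes GNU stat and the Debian group name bind.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GNU stat and, by default, the Debian group name "bind".
# Usage on a DC: audit_bind_dns /var/lib/samba/bind-dns bind

# mode_ok PATH MAX: true if PATH has no permission bits beyond octal MAX.
mode_ok() {
    m=$(stat -c '%a' "$1") || return 2
    [ $(( 0$m & ~0$2 & 07777 )) -eq 0 ]
}

# audit_bind_dns DIR [GROUP]: print findings; exit status = number of findings.
audit_bind_dns() {
    dir=$1; grp=${2:-bind}; bad=0
    if [ ! -d "$dir" ]; then echo "MISSING $dir"; return 1; fi
    if [ "$(stat -c '%G' "$dir")" != "$grp" ]; then
        echo "GROUP $dir is not owned by group $grp"; bad=$((bad + 1))
    fi
    if ! mode_ok "$dir" 770; then
        echo "MODE $dir is open to users outside $grp"; bad=$((bad + 1))
    fi
    # Without the group x bit named cannot enter the directory at all.
    if [ $(( 0$(stat -c '%a' "$dir") & 010 )) -eq 0 ]; then
        echo "MODE $dir lacks group execute"; bad=$((bad + 1))
    fi
    # The keytab holds the key used for GSS-TSIG dynamic updates.
    if [ ! -f "$dir/dns.keytab" ]; then
        echo "MISSING $dir/dns.keytab"; bad=$((bad + 1))
    elif ! mode_ok "$dir/dns.keytab" 640; then
        echo "MODE $dir/dns.keytab is wider than 640"; bad=$((bad + 1))
    fi
    # The database samba_dlz failed to open in the log, at its new location.
    if [ ! -f "$dir/dns/sam.ldb" ]; then
        echo "MISSING $dir/dns/sam.ldb"; bad=$((bad + 1))
    fi
    return "$bad"
}

# stale_refs FILE...: show lines that still name the old private/dns path.
stale_refs() {
    grep -Hn 'samba/private/dns' "$@" 2>/dev/null
}
```

Running `stale_refs /etc/bind/named.conf* /var/lib/samba/bind-dns/named.conf` on the failing host shows whether any BIND configuration file still names the old directory.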
Forgot this one.

systemctl edit bind9
# /etc/systemd/system/bind9.service.d/override.conf is created.
# add below.

[Service]
# Disable reloading completely.
ExecReload=
# Or set it to restart
#ExecReload=/usr/sbin/rndc restart

Greetz,

Louis