[Samba] bind9 won't run

Bob of Donelson Trophy bob at donelsontrophy.net
Sun Oct 16 18:13:27 UTC 2016


On 2016-10-16 12:55, Rowland Penny via samba wrote:

> On Sun, 16 Oct 2016 12:38:00 -0500
> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
> 
>> I am working on my second Ubuntu 16.04.1LTS running Samba 4.5.0 with
>> Bind9_DLZ. 
>> 
>> I have one machine just like this one. Same hardware, same software
>> setup. First machine is working fine. 
>> 
>> At the moment this (second) machine is not joined to the other (until
>> I get Bind running.) 
>> 
>> I have searched log complaints. Compared settings between the two
>> machines and despite bind running on the first one, cannot get bind to
>> run on the second. 
>> 
>> root at dtdc03:~# systemctl restart apparmor.service
>> root at dtdc03:~# systemctl status apparmor.service
>> ● apparmor.service - LSB: AppArmor initialization
>> Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled)
>> Active: active (exited) since Sun 2016-10-16 12:14:58 CDT; 13s ago
>> Docs: man:systemd-sysv-generator(8)
>> Process: 2197 ExecStop=/etc/init.d/apparmor stop (code=exited,
>> status=0/SUCCESS)
>> Process: 1547 ExecReload=/etc/init.d/apparmor reload (code=exited,
>> status=123)
>> Process: 2211 ExecStart=/etc/init.d/apparmor start (code=exited,
>> status=0/SUCCESS)
>> 
>> Oct 16 12:14:54 dtdc03 systemd[1]: Starting LSB: AppArmor
>> initialization...
>> Oct 16 12:14:54 dtdc03 apparmor[2211]:  * Starting AppArmor profiles
>> Oct 16 12:14:57 dtdc03 apparmor[2211]: Skipping profile in
>> /etc/apparmor.d/disable: usr.sbin.rsyslogd
>> Oct 16 12:14:58 dtdc03 apparmor[2211]:    ...done.
>> Oct 16 12:14:58 dtdc03 systemd[1]: Started LSB: AppArmor
>> initialization.
>> root at dtdc03:~# systemctl restart bind9
>> root at dtdc03:~# systemctl status bind9
>> ● bind9.service - BIND Domain Name Server
>> Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
>> preset: enabled)
>> Drop-In: /run/systemd/generator/bind9.service.d
>> └─50-insserv.conf-$named.conf
>> Active: failed (Result: exit-code) since Sun 2016-10-16 12:15:21
>> CDT; 7s ago
>> Docs: man:named(8)
>> Process: 2267 ExecStop=/usr/sbin/rndc stop (code=exited,
>> status=1/FAILURE)
>> Process: 2260 ExecStart=/usr/sbin/named -f -u bind (code=exited,
>> status=1/FAILURE)
>> Main PID: 2260 (code=exited, status=1/FAILURE)
>> 
>> Oct 16 12:15:21 dtdc03 named[2260]: listening on IPv4 interface
>> enp2s0, 192.168.16.49#53
>> Oct 16 12:15:21 dtdc03 named[2260]: generating session key for dynamic
>> DNS
>> Oct 16 12:15:21 dtdc03 named[2260]: sizing zone task pool based on 5
>> zones
>> Oct 16 12:15:21 dtdc03 named[2260]: Loading 'AD DNS Zone' using driver
>> dlopen
>> Oct 16 12:15:21 dtdc03 named[2260]: dlz_dlopen failed to open library
>> '/usr/local/samba/lib/bind9/dlz_bind9_10.so' -
>> /usr/local/samba/lib/bind9/dlz_bind9_10.so: cannot open shared object
>> file: P
>> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Main process exited,
>> code=exited, status=1/FAILURE
>> Oct 16 12:15:21 dtdc03 rndc[2267]: rndc: connect failed:
>> 127.0.0.1#953: connection refused
>> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Control process
>> exited, code=exited status=1
>> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Unit entered failed
>> state.
>> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Failed with result
>> 'exit-code'. 
>> 
>> Part of the /var/log/syslog 
>> 
>> Oct 16 12:15:21 dtdc03 named[2260]: listening on IPv4 interface
>> enp2s0, 192.168.16.49#53
>> Oct 16 12:15:21 dtdc03 named[2260]: generating session key for dynamic
>> DNS
>> Oct 16 12:15:21 dtdc03 named[2260]: sizing zone task pool based on 5
>> zones
>> Oct 16 12:15:21 dtdc03 named[2260]: Loading 'AD DNS Zone' using driver
>> dlopen
>> Oct 16 12:15:21 dtdc03 named[2260]: dlz_dlopen failed to open library
>> '/usr/local/samba/lib/bind9/dlz_bind9_10.so' -
>> /usr/local/samba/lib/bind9/dlz_bind9_10.so: cannot open shared object
>> file: Permission denied
>> Oct 16 12:15:21 dtdc03 named[2260]: dlz_dlopen of 'AD DNS Zone' failed
>> Oct 16 12:15:21 dtdc03 named[2260]: SDLZ driver failed to load.
>> Oct 16 12:15:21 dtdc03 named[2260]: DLZ driver failed to load.
>> Oct 16 12:15:21 dtdc03 named[2260]: loading configuration: failure
>> Oct 16 12:15:21 dtdc03 kernel: [ 2033.472693] audit_printk_skb: 18
>> callbacks suppressed
>> Oct 16 12:15:21 dtdc03 kernel: [ 2033.472704] audit: type=1400
>> audit(1476638121.877:194): apparmor="DENIED" operation="open"
>> profile="/usr/sbin/named"
>> name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263
>> comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
>> Oct 16 12:15:21 dtdc03 named[2260]: exiting (due to fatal error)
>> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Main process exited,
>> code=exited, status=1/FAILURE
>> Oct 16 12:15:21 dtdc03 rndc[2267]: rndc: connect failed:
>> 127.0.0.1#953: connection refused
>> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Control process
>> exited, code=exited status=1
>> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Unit entered failed
>> state.
>> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Failed with result
>> 'exit-code'. 
>> 
>> I must be overlooking something but, what?
> 
> How about:
> 
> dlz_dlopen failed to open library '/usr/local/samba/lib/bind9/dlz_bind9_10.so' - 
> /usr/local/samba/lib/bind9/dlz_bind9_10.so: cannot open shared object
> file: Permission denied
> 
> and:
> 
> apparmor="DENIED" operation="open" profile="/usr/sbin/named"
> name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263 comm="named"
> requested_mask="r" denied_mask="r" fsuid=113 ouid=0
> 
> You need to set up Apparmor.
> 
> Rowland

I guess this is where I am confused. Am I giving permission to "/usr/sbin/named"
or "/usr/local/samba/lib/bind9/dlz_bind9_10.so" or both?

AppArmor is set the same on both machines, and the first machine works; this
one (second machine) does not!

I thought (could be wrong) that AppArmor gives permission to the "name="
file?

-- 
_______________________________

Bob Wooden of Donelson Trophy
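
Added example (not part of the original thread, and not Samba or AppArmor project code): a small parser for the `apparmor="DENIED"` audit record quoted above. It shows that `profile=` names the confined program whose policy is being enforced, while `name=` and `denied_mask=` give the object and permission that policy lacks. The mapping of profile name to a file under /etc/apparmor.d is an assumption about Ubuntu's layout, and the function names are illustrative.

```python
import re

# Records copied from the syslog excerpt in this thread, rejoined onto one
# line each; the second line is there to show non-denials being skipped.
SAMPLE_LOG = [
    'Oct 16 12:15:21 dtdc03 kernel: [ 2033.472704] audit: type=1400 '
    'audit(1476638121.877:194): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/named" '
    'name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263 '
    'comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0',
    'Oct 16 12:15:21 dtdc03 named[2260]: exiting (due to fatal error)',
]

# Matches key=value or key="quoted value"
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, else None."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        fields[key] = quoted if quoted else bare
    return fields if fields.get("apparmor") == "DENIED" else None


def profile_file(profile, root="/etc/apparmor.d"):
    """Assumption: Ubuntu names profile files after the path, '/' -> '.'."""
    return f"{root}/{profile.strip('/').replace('/', '.')}"


def rules_needed(lines):
    """Map each confined profile's file to the file rules its denials imply."""
    needed = {}
    for line in lines:
        d = parse_denial(line)
        if d is None or "name" not in d:
            continue
        # profile= is the subject (the confined program whose policy applies);
        # name= is the object it tried to open; denied_mask= is what is missing.
        rule = f'{d["name"]} {d["denied_mask"]},'
        needed.setdefault(profile_file(d["profile"]), set()).add(rule)
    return needed


if __name__ == "__main__":
    for path, rules in rules_needed(SAMPLE_LOG).items():
        print(f"# rule(s) missing from the profile in {path}")
        for rule in sorted(rules):
            print(f"  {rule}")
```

A record only reports the access that was refused at that moment, so check for further DENIED lines after each profile change; loading a shared object typically also needs the `m` (memory-map executable) permission.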

