samba4 from BDC to PDC

Amitay Isaacs amitay at gmail.com
Wed Dec 28 03:07:58 MST 2011


Hi Daniele

> Hi Amitay,
> here the log if I run:
> [root@kdc01:~]# named -g -d 10 -u bind -c /etc/bind/named.conf
> 27-Dec-2011 17:39:35.157 starting BIND 9.9.0b1 -g -d 10 -u bind -c /etc/bind/named.conf
> 27-Dec-2011 17:39:35.157 built with '--prefix=/usr' '--build=i686-linux-gnu' '--host=i686-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var/run/bind' '--enable-threads' '--enable-largefile' '--enable-shared' '--enable-static' '--with-libtool' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=no' '--with-dlopen=yes' '--with-dlz-stub=yes' '--enable-ipv6' 'build_alias=i686-linux-gnu' 'host_alias=i686-linux-gnu' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O3' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=' 'CXXFLAGS=-g -O2' 'FFLAGS=-g -O2'
> 27-Dec-2011 17:39:35.157 adjusted limit on open files from 4096 to 1048576
> 27-Dec-2011 17:39:35.157 found 2 CPUs, using 2 worker threads
> 27-Dec-2011 17:39:35.158 using up to 4096 sockets
> 27-Dec-2011 17:39:35.158 Registering DLZ_dlopen driver
> 27-Dec-2011 17:39:35.158 Registering SDLZ driver 'dlopen'
> 27-Dec-2011 17:39:35.158 Registering DLZ driver 'dlopen'
> 27-Dec-2011 17:39:35.158 Registering DLZ_stub driver.
> 27-Dec-2011 17:39:35.158 Registering SDLZ driver 'dlz_stub'
> 27-Dec-2011 17:39:35.158 Registering DLZ driver 'dlz_stub'
> 27-Dec-2011 17:39:35.158 Registering DLZ filesystem driver.
> 27-Dec-2011 17:39:35.158 Registering SDLZ driver 'filesystem'
> 27-Dec-2011 17:39:35.158 Registering DLZ driver 'filesystem'
> 27-Dec-2011 17:39:35.158 Registering DLZ bdb driver.
> 27-Dec-2011 17:39:35.158 Registering SDLZ driver 'bdb'
> 27-Dec-2011 17:39:35.158 Registering DLZ driver 'bdb'
> 27-Dec-2011 17:39:35.158 Registering DLZ bdbhpt driver.
> 27-Dec-2011 17:39:35.158 Registering SDLZ driver 'bdbhpt'
> 27-Dec-2011 17:39:35.158 Registering DLZ driver 'bdbhpt'
> 27-Dec-2011 17:39:35.159 decrement_reference: delete from rbt: 0xb6e240b0 .
> 27-Dec-2011 17:39:35.164 loading configuration from '/etc/bind/named.conf'
> 27-Dec-2011 17:39:35.165 /usr/local/samba/private/named.conf:13: unknown option 'update-policy'
> 27-Dec-2011 17:39:35.165 load_configuration: failure
> 27-Dec-2011 17:39:35.165 loading configuration: failure
> 27-Dec-2011 17:39:35.165 exiting (due to fatal error)
>
> where /usr/local/samba/private/named.conf contains
>
> #
> # This configures dynamically loadable zones (DLZ) from AD schema
> #
> dlz "AD DNS Zone" {
>    database "dlopen /usr/local/samba/modules/bind9/dlz_bind9.so";
>    update-policy {
>        grant SAITELITALIA.LOCAL ms-self * A AAAA;
>        grant Administrator@SAITELITALIA.LOCAL wildcard * A AAAA SRV CNAME;
>        grant KDC01$@saitelitalia.local wildcard * A AAAA SRV CNAME;
>    };
> };
>
> Last Friday, when I tried, I had no time to investigate, but looking at
> the log, maybe I have to move the update policy out of the zone and
> add it to named.conf.options so it is global?
>
> Daniele
>

Dynamic zones do not support the update-policy option. You can remove
the update-policy section from the configuration. Access control is
checked inside the dynamic update code (in the dlz_bind9 module).

Amitay.
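As an added illustration (not part of the thread, and not Samba or BIND code): a small checker that tokenizes a named.conf fragment, flags an `update-policy` clause nested inside a `dlz` block (the condition that made `named` exit above), and returns a copy with that clause removed. The sample fragment is constructed, modelled on the one quoted in the thread with `EXAMPLE.LOCAL` as a placeholder realm; the `find_misplaced`, `remove_misplaced` and `lint` helpers are hypothetical names.

```python
"""Lint a BIND named.conf fragment for an 'update-policy' clause nested inside a
'dlz' block, which named rejects at startup ("unknown option 'update-policy'"),
and produce a copy with that clause removed.  Hypothetical helper, not Samba or
BIND code."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the fragment quoted in the thread; the realm
# is a placeholder, the module path is the one the thread quotes.
SAMPLE_CONF = """\
#
# This configures dynamically loadable zones (DLZ) from AD schema
#
dlz "AD DNS Zone" {
   database "dlopen /usr/local/samba/modules/bind9/dlz_bind9.so";
   update-policy {
       grant EXAMPLE.LOCAL ms-self * A AAAA;
       grant Administrator@EXAMPLE.LOCAL wildcard * A AAAA SRV CNAME;
   };
};
"""


@dataclass
class Finding:
    block: str    # offending clause keyword, e.g. "update-policy"
    inside: str   # enclosing block keyword, e.g. "dlz"
    line: int     # 1-based line where the offending clause starts
    start: int    # character offset of the clause's first token
    end: int      # character offset just past its closing "};"


# Tokens: quoted strings, the three structural characters, or bare words.
_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def _blank_comments(text):
    # BIND accepts '#', '//' and '/* */' comments.  Replace them with spaces
    # of equal length so offsets still index into the original text.
    # (Assumes no comment markers inside quoted strings.)
    def blank(m):
        return re.sub(r"[^\n]", " ", m.group(0))
    text = re.sub(r"/\*.*?\*/", blank, text, flags=re.S)
    return re.sub(r"(#|//)[^\n]*", blank, text)


def find_misplaced(text, clause="update-policy", outer="dlz"):
    """Return a Finding for every `clause { ... };` nested inside an `outer` block."""
    src = _blank_comments(text)
    stack = []                   # (keyword, start offset) of each open block
    cur_kw = cur_start = None    # statement currently being read
    pending = None               # closed offending block, waiting for its ';'
    findings = []
    for m in _TOKEN.finditer(src):
        tok = m.group(0)
        if pending is not None:  # extend the span over the trailing ';'
            if tok == ";":
                pending.end = m.end()
            findings.append(pending)
            pending = None
            if tok == ";":
                continue
        if tok == "{":
            stack.append((cur_kw, cur_start))
            cur_kw = cur_start = None
        elif tok == "}":
            if not stack:
                raise ValueError("unbalanced '}' at offset %d" % m.start())
            kw, start = stack.pop()
            cur_kw = cur_start = None
            if kw == clause and any(k == outer for k, _ in stack):
                line = src.count("\n", 0, start) + 1
                pending = Finding(kw, outer, line, start, m.end())
        elif tok == ";":
            cur_kw = cur_start = None
        elif cur_kw is None:
            cur_kw, cur_start = tok, m.start()
    if stack:
        raise ValueError("unbalanced '{' in configuration")
    if pending is not None:
        findings.append(pending)
    return findings


def remove_misplaced(text, **kwargs):
    """Return `text` with every misplaced clause deleted, whole lines when possible."""
    out = text
    for f in sorted(find_misplaced(text, **kwargs), key=lambda f: f.start, reverse=True):
        start, end = f.start, f.end
        line_start = out.rfind("\n", 0, start) + 1
        nl = out.find("\n", end)
        line_end = len(out) if nl == -1 else nl + 1
        # Swallow the surrounding lines only when nothing else shares them.
        if out[line_start:start].strip() == "" and out[end:line_end].strip() == "":
            start, end = line_start, line_end
        out = out[:start] + out[end:]
    return out


def lint(text):
    """Human-readable findings, one line each."""
    return ["line %d: '%s' is not accepted inside a '%s' block; named will refuse "
            "to start" % (f.line, f.block, f.inside) for f in find_misplaced(text)]


if __name__ == "__main__":
    for msg in lint(SAMPLE_CONF):
        print(msg)
    print(remove_misplaced(SAMPLE_CONF))
```

The checker deliberately leaves an `update-policy` inside an ordinary `zone` statement alone, since that is where BIND expects it; only the `dlz` nesting is reported. BIND's own `named-checkconf` reports the same error before a restart and is the authoritative check; the point of the script is to show that dropping the clause is the whole fix, because with the Samba DLZ module the update access control is applied by `dlz_bind9` rather than by a named-side policy.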

