missing /usr/local/samba/private/dns
Amitay Isaacs
amitay at gmail.com
Mon Mar 26 16:27:25 MDT 2012
On Mon, Mar 26, 2012 at 10:44 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
> Hi Amitay,
>
> On Tue, 2012-03-13 at 20:03 +1100, Amitay Isaacs wrote:
>> Hi Daniele,
>>
>> On Tue, Mar 13, 2012 at 6:40 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
>> > Hi Amitay,
>> >
>> > On Tue, 2012-03-13 at 12:13 +1100, Amitay Isaacs wrote:
>> >> Hi Greg,
>> >>
>> >> On Sat, Mar 10, 2012 at 2:45 PM, Greg Dickie <greg at justaguy.ca> wrote:
>> >> >
>> >> > Sounds great. Totally ready to be the guinea pig, just let me know what
>> >> > you need. One small question though. Is the ultimate goal to use a
>> >> > builtin DNS server? I thought this bind9 implementation was pretty cool.
>> >> > Is it missing anything that's required?
>> >> >
>> >> > Thanks for the quick response guys,
>> >> > Greg
>> >>
>> >> I have updated samba_upgradedns script now to handle upgrading dns
>> >> provision even after domain join. The new code is in my dns-wip
>> >> branch.
>> >>
>> >> git://git.samba.org/amitay/samba.git
>> >>
>> >> You can run samba_upgradedns multiple times without any side effects.
>> >> Let me know if that works for you.
>> >>
>> >> The ultimate goal is to use built-in dns server, so that samba does
>> >> not have to depend on external programs (BIND) for running. For time
>> >> being, BIND9 option is supported till built-in dns server becomes
>> >> fully operational.
>> >>
>> >> Amitay.
>> >
>> > do you mean that is possible to use upgradedns to provision the dns
>> > partitions on a samba4 DC already joined to a domain?
>>
>> Yes, that's correct. You can run samba_upgradedns on any provision and
>> it should upgrade it to use AD based backend.
>>
>> >
>> > If I catched I will use it on my secondary DC (primary is also samba4)
>> > to have also a secondary DNS. Does it also start replication of the dns
>> > partitions between the DCs?
>>
>> DNS partitions do get replicated, but you might have to restart the
>> secondary DC to get them correctly replicating. There is an issue
>> regarding msDs-hasMasterNCs attribute, which has yet to be resolved. I
>> haven't tried to set up a DNS server on a secondary DC using
>> replicated DNS as yet.
>>
>> > If yes, which is the best way to proceed?
>> > My idea is to upgrade secondary DC to latest git source, pull your
>> > branch to obtain upgradedns than run it from the secondary DC.
>>
>> You can use my dns-wip branch. First make sure that the partitions are
>> getting replicated. Once you confirm that, run samba_dnsupgrade on the
>> secondary DC to setup a AD database for BIND in dns/ directory.
>> Finally run BIND with DLZ on secondary DC. Obviously this hasn't been
>> tested, so your feedback is most welcome. :)
>>
>> Amitay.
>
> I had some troubles with the partitions replication.
> After some tries I updated bot the DCs to the same version (Version
> 4.0.0alpha19-GIT-e25f830) and now this is what I can see running
> samba-tool drs showrepl
>
> [root at kdc01:/usr/local/samba/private]# samba-tool drs showrepl
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:kdc01.saitelitalia.local[,seal]
> Default-First-Site-Name\KDC01
> DSA Options: 0x00000001
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> DSA invocationId: 788bb21f-edc8-467d-89cf-f66b67840ce1
>
> ==== INBOUND NEIGHBORS ====
>
> DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC02 via RPC
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> Last attempt @ Mon Mar 26 13:28:03 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 13:28:03 2012 CEST
>
> CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC02 via RPC
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> Last attempt @ Mon Mar 26 13:28:03 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 13:28:03 2012 CEST
>
> CN=Configuration,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC02 via RPC
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> Last attempt @ Mon Mar 26 13:28:04 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 13:28:04 2012 CEST
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC02 via RPC
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC02 via RPC
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC02 via RPC
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC02 via RPC
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC02 via RPC
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: fef8d418-7309-4c61-9f21-0a9149c99ac2
> Enabled : TRUE
> Server DNS name : kdc01.saitelitalia.local
> Server DN name : CN=NTDS
> Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> [root at kdc02:/usr/local/samba/private]# samba-tool drs showrepl
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:kdc02.saitelitalia.local[,seal]
> Default-First-Site-Name\KDC02
> DSA Options: 0x00000001
> DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
> DSA invocationId: 12ae5f8c-1ebb-4c38-942f-0bc85a132f46
>
> ==== INBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ Mon Mar 26 13:31:32 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 13:31:32 2012 CEST
>
> DC=DomainDnsZones,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ Mon Mar 26 13:31:33 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 13:31:33 2012 CEST
>
> DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ Mon Mar 26 13:31:33 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 13:31:33 2012 CEST
>
> CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ Mon Mar 26 13:31:34 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 13:31:34 2012 CEST
>
> CN=Configuration,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ Mon Mar 26 13:31:35 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 13:31:35 2012 CEST
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ Mon Mar 26 12:59:51 2012 CEST was successful
> 0 consecutive failure(s).
> Last success @ Mon Mar 26 12:59:51 2012 CEST
>
> DC=DomainDnsZones,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ Fri Mar 23 12:41:53 2012 CET was successful
> 0 consecutive failure(s).
> Last success @ Fri Mar 23 12:41:53 2012 CET
>
> DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Configuration,DC=saitelitalia,DC=local
> Default-First-Site-Name\KDC01 via RPC
> DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: ccd53e6d-0f6e-4551-9103-064a48501322
> Enabled : TRUE
> Server DNS name : KDC02.saitelitalia.local
> Server DN name : CN=NTDS
> Settings,CN=KDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> I do not understand why there is a difference between the answers:
> on kdc01 I don't see the DNS partitions in the INBOUND NEIGHBORS.
Have you waited long enough to see that the difference never goes away?
> Anyway, the version I had on kdc02 is not the one from your git so I
> guess samba_upgradedns is not correct.
Modified samba_dnsupgrade script is now in master. So use git master tree.
> If I try to use it I get:
>
> [root at kdc02:/usr/local/samba/private]# samba_upgradedns --verbose
> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/etc/smb.conf"
> Reading domain information
> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/etc/smb.conf"
> ldb: unable to
> dlopen /usr/local/samba/lib/ldb/acl.so : /root/samba4/upgradedns/dns-wip/bin/shared/private/libauthkrb5.so: version `SAMBA_4.0.0ALPHA19_GIT_E25F830' not found (required by /usr/local/samba/lib/ldb/acl.so)
> ldb: unable to
> dlopen /usr/local/samba/lib/ldb/aclread.so : /root/samba4/upgradedns/dns-wip/bin/shared/private/libsamdb-common.so: version `SAMBA_4.0.0ALPHA19_GIT_E25F830' not found (required by /usr/local/samba/lib/ldb/aclread.so)
> ldb: unable to
> dlopen /usr/local/samba/lib/ldb/anr.so : /root/samba4/upgradedns/dns-wip/bin/shared/private/libldbsamba.so: version `SAMBA_4.0.0ALPHA19_GIT_E25F830' not found (required by /usr/local/samba/lib/ldb/anr.so)
> ...
> ldb: unable to
> dlopen /usr/local/samba/lib/ldb/wins_ldb.so : /root/samba4/upgradedns/dns-wip/bin/shared/private/libnetif.so: version `SAMBA_4.0.0ALPHA19_GIT_E25F830' not found (required by /usr/local/samba/lib/ldb/wins_ldb.so)
> Unable to find backend for '/usr/local/samba/private/sam.ldb' - do you
> need to set LDB_MODULES_PATH?
> Traceback (most recent call last):
> File "/usr/local/samba/sbin/samba_upgradedns", line 272, in <module>
> ldbs = get_ldbs(paths, creds, system_session(), lp)
> File "/usr/lib/python2.7/samba/upgradehelpers.py", line 139, in
> get_ldbs
> ldbs.sam = SamDB(paths.samdb, session_info=session,
> credentials=creds, lp=lp, options=["modules:samba_dsdb"])
> File "/usr/lib/python2.7/samba/samdb.py", line 58, in __init__
> options=options)
> File "/usr/lib/python2.7/samba/__init__.py", line 116, in __init__
> self.connect(url, flags, options)
> File "/usr/lib/python2.7/samba/samdb.py", line 73, in connect
> options=options)
> _ldb.LdbError: (80, None)
>
> I think the problem is related to the samba4 version which on
> samba_upgradedns is expected to be the one in your branch.
> How can I proceed?
This might be due to the mix of different versions of installed
binaries and binaries from source. Build the latest git tree, make
install and then use all the binaries from the installed location.
This problem should go away.
> Should I update from your git branch and re-install it?
> And about the problems I told you in my last mails (modules ldb.so
> samba talloc.so tdb.so tevent.py _tevent.so: am I right to copy them
> in /usr/lib/python2.7/)?
You shouldn't have to install anything manually. All the binaries and
shared libraries are re-linked for install with correct rpath. So do
not copy any binaries/libraries from the bin/ in source directory to
install locations. Use make install to install all the files. If
something is not being installed correctly then it might be a problem
that needs to be fixed.
Amitay.
More information about the samba-technical
mailing list