[Samba] samba4+bind on centos

NOC noc at nieuwland.nl
Fri Jun 7 06:45:09 MDT 2013 

Hi all

I've given up on the idea that I can make a script to import our 
<domain>-zone into samba internal dns with samba-tool as it gets really 
messy with subdomains. Instead I'm now trying to get samba4 to let bind 
handle the <domain>-zone as well als dynamic updates and such.

The problem is that once I've started named and samba4 after 
provisioning, I try to test dynamic updates and it oopses with the message:
root at puppettest01 var]# samba_dnsupdate --verbose --all-names
IPs: ['192.168.0.1']
Traceback (most recent call last):
   File "/usr/sbin/samba_dnsupdate", line 506, in <module>
     get_credentials(lp)
   File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
     creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for PUPPETTEST01$@NIEUWLAND.NL failed (Cannot 
contact any KDC for requested realm)

When looking at the debug output of bind, it doesn't seem to have loaded 
the DLZ module from samba4.

I tried this: named -g -c /etc/bind/named.conf -u named -d3 2>&1 |grep 
-i dlz
07-Jun-2013 14:18:24.514 built with '--host=x86_64-redhat-linux-gnu' 
'--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' 
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' 
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' 
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec' 
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' 
'--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' 
'--disable-openssl-version-check' '--with-dlopen=yes' 
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' 
'--with-dlz-filesystem=yes' '--with-dlz-stub=yes' '--with-gssapi=yes' 
'--disable-isc-spnego' 
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 
'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= 
-DDIG_SIGCHASE'
07-Jun-2013 14:18:24.516 Registering DLZ_dlopen driver
07-Jun-2013 14:18:24.516 Registering SDLZ driver 'dlopen'
07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen'

The packages samba4 (using git master from 2 days ago) and bind are 
self-compiled on another centos 6.4 machine. As you can see, the options 
'--with-gssapi=yes' and '--with-dlopen=yes' are set (this is 9.8.2 from 
the source rpm)

I followed the instructions on how to include 
/var/lib/samba4/private/named.conf and named.txt, however, that didn't 
work as advertised (cannot read /var/lib/samba4/private/named.conf, 
though it was readable by user named???), so I included the stuff in 
...private/named.conf literally in the /etc/bind/named.conf (as you can 
see, the named.conf location is nonstandard, this is handled in 
/etc/sysconfig/named).

samba4 was provisioned for NIEUWLAND.NL as dc and BIND9_DLZ

I figure the problem lies in not loading the dlopen driver, which should 
probably look like:

03-Jun-2013 14:38:43.370 Loading 'AD DNS Zone' using driver dlopen
03-Jun-2013 14:38:43.371 Loading SDLZ driver.
03-Jun-2013 14:38:47.233 samba_dlz: started for DN DC=intranet01,DC=hom
03-Jun-2013 14:38:47.234 SDLZ driver loaded successfully.
03-Jun-2013 14:38:47.234 DLZ driver loaded successfully.
03-Jun-2013 14:38:47.235 samba_dlz: starting configure
03-Jun-2013 14:38:47.275 zone 200.168.192.in-addr.arpa/NONE: number of nodes in database: 0
03-Jun-2013 14:38:47.278 zone 200.168.192.in-addr.arpa/NONE: loaded; checking validity
03-Jun-2013 14:38:47.281 zone_settimer: zone 200.168.192.in-addr.arpa/NONE: enter
03-Jun-2013 14:38:47.282 samba_dlz: configured writeable zone '200.168.192.in-addr.arpa'
03-Jun-2013 14:38:47.284 zone intranet01.hom/NONE: number of nodes in database: 0
03-Jun-2013 14:38:47.286 zone intranet01.hom/NONE: loaded; checking validity

(I saw this in another mail to this list, but there bind was compiled from original sources and version 9.9.3)

I wonder which steps would be most likely to let bind load the driver for dlz? Should I suspect all the patches redhat includes in their source rpm? or is it a configuration issue?

Cheers

Simon

More information about the samba mailing list