[Samba] samba4+bind on centos

Ludek Finstrle ludek.finstrle at pzkagis.cz
Fri Jun 7 07:38:18 MDT 2013 

Hello NOC,

  you didn't provide any configuration so I'm just guessing using
my new crystal ball.

Fri, Jun 07, 2013 at 02:45:09PM +0200, NOC napsal(a):
> Hi all
> 
> root at puppettest01 var]# samba_dnsupdate --verbose --all-names
> IPs: ['192.168.0.1']
> Traceback (most recent call last):
>   File "/usr/sbin/samba_dnsupdate", line 506, in <module>
>     get_credentials(lp)
>   File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
>     creds.get_named_ccache(lp, ccachename)
> RuntimeError: kinit for PUPPETTEST01$@NIEUWLAND.NL failed (Cannot
> contact any KDC for requested realm)

You have configured kerberos to look for KDC using DNS and DNS
server is not running.

> When looking at the debug output of bind, it doesn't seem to have
> loaded the DLZ module from samba4.
> 
> I tried this: named -g -c /etc/bind/named.conf -u named -d3 2>&1
> |grep -i dlz
> 07-Jun-2013 14:18:24.514 built with '--host=x86_64-redhat-linux-gnu'
> '--build=x86_64-redhat-linux-gnu' '--program-prefix='
> '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
> '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
> '--includedir=/usr/include' '--libdir=/usr/lib64'
> '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
> '--with-libtool' '--localstatedir=/var' '--enable-threads'
> '--enable-ipv6' '--with-pic' '--disable-static'
> '--disable-openssl-version-check' '--with-dlopen=yes'
> '--with-dlz-ldap=yes' '--with-dlz-postgres=yes'
> '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes'
> '--with-dlz-stub=yes' '--with-gssapi=yes' '--disable-isc-spnego'
> '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
> '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
> 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS=
> -DDIG_SIGCHASE'
> 07-Jun-2013 14:18:24.516 Registering DLZ_dlopen driver
> 07-Jun-2013 14:18:24.516 Registering SDLZ driver 'dlopen'
> 07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen'
> 
> The packages samba4 (using git master from 2 days ago) and bind are
> self-compiled on another centos 6.4 machine. As you can see, the
> options '--with-gssapi=yes' and '--with-dlopen=yes' are set (this is
> 9.8.2 from the source rpm)
> 
> I followed the instructions on how to include
> /var/lib/samba4/private/named.conf and named.txt, however, that
> didn't work as advertised (cannot read
> /var/lib/samba4/private/named.conf, though it was readable by user
> named???), so I included the stuff in ...private/named.conf
> literally in the /etc/bind/named.conf (as you can see, the
> named.conf location is nonstandard, this is handled in
> /etc/sysconfig/named).

What about selinux?
Also giving us only grep of logs are useless. There should be very
interesting lines below:
07-Jun-2013 14:18:24.516 Registering DLZ driver 'dlopen'


> samba4 was provisioned for NIEUWLAND.NL as dc and BIND9_DLZ
>
> I wonder which steps would be most likely to let bind load the driver
> for dlz? Should I suspect all the patches redhat includes in their
> source rpm? or is it a configuration issue?

This part is working with plain CentOS named for me.
The problem mentioned with --disable-isc-spnego is only with
Windows client updates to the dns.

Please give us the named.conf (at least the part you copied
from samba) and also the named output from /var/log/messages
during startup (no debug is needed usually).

Best regards,

Luf

More information about the samba mailing list