[Samba] CentOS 6, BIND_DLZ and kinit errors (Cannot contact any KDC for requested realm)

Thomas Harold thomas-lists at nybeta.com
Sat May 3 10:12:37 MDT 2014 

On 5/3/2014 11:28 AM, Rowland Penny wrote:
> Hi, you should get something like this in syslog when named starts:
> 
> May  3 16:23:17 dc1 named[15789]: Loading 'AD DNS Zone' using driver dlopen
> May  3 16:23:18 dc1 named[15789]: samba_dlz: started for DN
> DC=example,DC=com
> May  3 16:23:18 dc1 named[15789]: samba_dlz: starting configure
> May  3 16:23:18 dc1 named[15789]: samba_dlz: configured writeable zone
> '0.168.192.in-addr.arpa'
> May  3 16:23:18 dc1 named[15789]: samba_dlz: configured writeable zone
> 'example.com'
> May  3 16:23:18 dc1 named[15789]: samba_dlz: configured writeable zone
> '_msdcs.example.com'
> 

Startup of the named service (no 'dlopen' seen)

May  3 12:00:34 shimo named[4100]: starting BIND
9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 -u named -4
May  3 12:00:34 shimo named[4100]: built with
'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
'--target=x86_64-re
dhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/et
c' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool'
'--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--
with-pic' '--disable-static' '--disable-openssl-version-check'
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes
' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego'
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets
' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linu
x-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=gene
ric' 'CPPFLAGS= -DDIG_SIGCHASE'

No other messages about the SAMBA AD zones being created (even though
named's configuration file points at /var/lib/samba/private/named.conf

And the messages from SAMBA in the system log when it starts:

May  3 12:03:11 shimo samba[4226]: [2014/05/03 12:03:11.235231,  0]
../source4/smbd/server.c:370(binary_smbd_main)
May  3 12:03:11 shimo samba[4226]:   samba version
4.1.7-SerNet-RedHat-7.el6 started.
May  3 12:03:11 shimo samba[4226]:   Copyright Andrew Tridgell and the
Samba Team 1992-2013
May  3 12:03:11 shimo samba[4227]: [2014/05/03 12:03:11.533311,  0]
../source4/smbd/server.c:492(binary_smbd_main)
May  3 12:03:11 shimo samba[4227]:   samba: using 'standard' process model
May  3 12:03:12 shimo samba[4243]: [2014/05/03 12:03:12.672304,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
May  3 12:03:12 shimo samba[4243]:   /usr/sbin/samba_dnsupdate:
Traceback (most recent call last):
May  3 12:03:12 shimo samba[4243]: [2014/05/03 12:03:12.672504,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
May  3 12:03:12 shimo samba[4243]:   /usr/sbin/samba_dnsupdate:   File
"/usr/sbin/samba_dnsupdate", line 510, in <module>
May  3 12:03:12 shimo samba[4243]: [2014/05/03 12:03:12.672585,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
May  3 12:03:12 shimo samba[4243]:   /usr/sbin/samba_dnsupdate:
get_credentials(lp)
May  3 12:03:12 shimo samba[4243]: [2014/05/03 12:03:12.672634,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
May  3 12:03:12 shimo samba[4243]:   /usr/sbin/samba_dnsupdate:   File
"/usr/sbin/samba_dnsupdate", line 123, in get_credentials
May  3 12:03:12 shimo samba[4243]: [2014/05/03 12:03:12.672691,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
May  3 12:03:12 shimo samba[4243]:   /usr/sbin/samba_dnsupdate:     raise e
May  3 12:03:12 shimo samba[4243]: [2014/05/03 12:03:12.672743,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
May  3 12:03:12 shimo samba[4243]:   /usr/sbin/samba_dnsupdate:
RuntimeError: kinit for SHIMO$@EXAMPLE.COM failed (Cannot contact any
KDC for requested realm)
May  3 12:03:12 shimo samba[4243]: [2014/05/03 12:03:12.672792,  0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
May  3 12:03:12 shimo samba[4243]:   /usr/sbin/samba_dnsupdate:

All of which seems to be telling me that the version of BIND that I have
installed does not have "dlopen".  So I need to go fix that first.

More information about the samba mailing list