[Samba] bind9 won't run

Rowland Penny rpenny at samba.org
Sun Oct 16 17:55:26 UTC 2016


On Sun, 16 Oct 2016 12:38:00 -0500
Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:

> I am working on my second Ubuntu 16.04.1LTS running Samba 4.5.0 with
> Bind9_DLZ. 
> 
> I have one machine just like this one. Same hardware, same software
> setup. First machine is working fine. 
> 
> At the moment this (second) machine is not joined to the other (until
> I get Bind running.) 
> 
> I have searched log complaints. Compared settings between the two
> machines and despite bind running on the first one, cannot get bind to
> run on the second. 
> 
> root@dtdc03:~# systemctl restart apparmor.service
> root@dtdc03:~# systemctl status apparmor.service
> ● apparmor.service - LSB: AppArmor initialization
>    Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled)
>    Active: active (exited) since Sun 2016-10-16 12:14:58 CDT; 13s ago
>      Docs: man:systemd-sysv-generator(8)
>   Process: 2197 ExecStop=/etc/init.d/apparmor stop (code=exited,
> status=0/SUCCESS)
>   Process: 1547 ExecReload=/etc/init.d/apparmor reload (code=exited,
> status=123)
>   Process: 2211 ExecStart=/etc/init.d/apparmor start (code=exited,
> status=0/SUCCESS)
> 
> Oct 16 12:14:54 dtdc03 systemd[1]: Starting LSB: AppArmor
> initialization...
> Oct 16 12:14:54 dtdc03 apparmor[2211]:  * Starting AppArmor profiles
> Oct 16 12:14:57 dtdc03 apparmor[2211]: Skipping profile in
> /etc/apparmor.d/disable: usr.sbin.rsyslogd
> Oct 16 12:14:58 dtdc03 apparmor[2211]:    ...done.
> Oct 16 12:14:58 dtdc03 systemd[1]: Started LSB: AppArmor
> initialization.
> root@dtdc03:~# systemctl restart bind9
> root@dtdc03:~# systemctl status bind9
> ● bind9.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
> preset: enabled)
>   Drop-In: /run/systemd/generator/bind9.service.d
>            └─50-insserv.conf-$named.conf
>    Active: failed (Result: exit-code) since Sun 2016-10-16 12:15:21
> CDT; 7s ago
>      Docs: man:named(8)
>   Process: 2267 ExecStop=/usr/sbin/rndc stop (code=exited,
> status=1/FAILURE)
>   Process: 2260 ExecStart=/usr/sbin/named -f -u bind (code=exited,
> status=1/FAILURE)
>  Main PID: 2260 (code=exited, status=1/FAILURE)
> 
> Oct 16 12:15:21 dtdc03 named[2260]: listening on IPv4 interface
> enp2s0, 192.168.16.49#53
> Oct 16 12:15:21 dtdc03 named[2260]: generating session key for dynamic
> DNS
> Oct 16 12:15:21 dtdc03 named[2260]: sizing zone task pool based on 5
> zones
> Oct 16 12:15:21 dtdc03 named[2260]: Loading 'AD DNS Zone' using driver
> dlopen
> Oct 16 12:15:21 dtdc03 named[2260]: dlz_dlopen failed to open library
> '/usr/local/samba/lib/bind9/dlz_bind9_10.so' -
> /usr/local/samba/lib/bind9/dlz_bind9_10.so: cannot open shared object
> file: P
> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Main process exited,
> code=exited, status=1/FAILURE
> Oct 16 12:15:21 dtdc03 rndc[2267]: rndc: connect failed:
> 127.0.0.1#953: connection refused
> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Control process
> exited, code=exited status=1
> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Unit entered failed
> state.
> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Failed with result
> 'exit-code'. 
> 
> Part of the /var/log/syslog 
> 
> Oct 16 12:15:21 dtdc03 named[2260]: listening on IPv4 interface
> enp2s0, 192.168.16.49#53
> Oct 16 12:15:21 dtdc03 named[2260]: generating session key for dynamic
> DNS
> Oct 16 12:15:21 dtdc03 named[2260]: sizing zone task pool based on 5
> zones
> Oct 16 12:15:21 dtdc03 named[2260]: Loading 'AD DNS Zone' using driver
> dlopen
> Oct 16 12:15:21 dtdc03 named[2260]: dlz_dlopen failed to open library
> '/usr/local/samba/lib/bind9/dlz_bind9_10.so' -
> /usr/local/samba/lib/bind9/dlz_bind9_10.so: cannot open shared object
> file: Permission denied
> Oct 16 12:15:21 dtdc03 named[2260]: dlz_dlopen of 'AD DNS Zone' failed
> Oct 16 12:15:21 dtdc03 named[2260]: SDLZ driver failed to load.
> Oct 16 12:15:21 dtdc03 named[2260]: DLZ driver failed to load.
> Oct 16 12:15:21 dtdc03 named[2260]: loading configuration: failure
> Oct 16 12:15:21 dtdc03 kernel: [ 2033.472693] audit_printk_skb: 18
> callbacks suppressed
> Oct 16 12:15:21 dtdc03 kernel: [ 2033.472704] audit: type=1400
> audit(1476638121.877:194): apparmor="DENIED" operation="open"
> profile="/usr/sbin/named"
> name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263
> comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
> Oct 16 12:15:21 dtdc03 named[2260]: exiting (due to fatal error)
> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Main process exited,
> code=exited, status=1/FAILURE
> Oct 16 12:15:21 dtdc03 rndc[2267]: rndc: connect failed:
> 127.0.0.1#953: connection refused
> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Control process
> exited, code=exited status=1
> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Unit entered failed
> state.
> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Failed with result
> 'exit-code'. 
> 
> I must be overlooking something but, what? 
> 

How about:

dlz_dlopen failed to open library '/usr/local/samba/lib/bind9/dlz_bind9_10.so' - 
/usr/local/samba/lib/bind9/dlz_bind9_10.so: cannot open shared object
file: Permission denied

and:

apparmor="DENIED" operation="open" profile="/usr/sbin/named"
name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263 comm="named"
requested_mask="r" denied_mask="r" fsuid=113 ouid=0

You need to set up AppArmor.

Rowland
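
An added example, not part of the original thread or of Samba's own tooling: a short Python script that finds AppArmor `DENIED` records in syslog lines like the ones quoted above and groups them by profile into the path and access that a profile rule would have to cover. The sample lines are records from the post re-joined onto one line each; the function names are hypothetical.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare_value pairs in a kernel audit record
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Records from the post, re-joined onto one line each (the list mail wrapped them).
SAMPLE = [
    "Oct 16 12:15:21 dtdc03 named[2260]: dlz_dlopen of 'AD DNS Zone' failed",
    'Oct 16 12:15:21 dtdc03 kernel: [ 2033.472704] audit: type=1400 '
    'audit(1476638121.877:194): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/named" '
    'name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263 '
    'comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0',
]


def parse_denials(lines):
    """Return one dict of fields per AppArmor DENIED audit record."""
    denials = []
    for line in lines:
        if 'apparmor="DENIED"' not in line:
            continue
        fields = {}
        for key, quoted, bare in KV_RE.findall(line):
            value = quoted
            if bare:
                value = bare
                # audit hex-encodes names with spaces or control characters
                if key == "name" and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
                    value = bytes.fromhex(bare).decode("utf-8", "replace")
            fields[key] = value
        denials.append(fields)
    return denials


def candidate_rules(lines):
    """Group denials by profile into 'path mask,' lines for review."""
    masks = defaultdict(set)
    for d in parse_denials(lines):
        if "name" in d and "denied_mask" in d:
            masks[(d.get("profile", "?"), d["name"])].update(d["denied_mask"])
    rules = defaultdict(list)
    for (profile, path), mask in sorted(masks.items()):
        rules[profile].append(f"{path} {''.join(sorted(mask))},")
    return dict(rules)


if __name__ == "__main__":
    print(candidate_rules(SAMPLE))
```

Re-run it against fresh log lines after each profile change: named exits at the first denied access, so later denials only appear once the earlier one is allowed.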



