[Samba] CentOS 6.8 named won't start after upgrade
Paul R. Ganci
ganci at nurdog.com
Thu Sep 29 06:20:59 UTC 2016
Ugh, I was upgrading the AD server running on a CentOS 6.8 which uses
named as its back-end. I have been running it for years with no
problems. Today, after upgrading bind, named will not start. I get this error:
Sep 28 23:32:25 nikita named[6369]: ----------------------------------------------------
Sep 28 23:32:25 nikita named[6369]: BIND 9 is maintained by Internet Systems Consortium,
Sep 28 23:32:25 nikita named[6369]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Sep 28 23:32:25 nikita named[6369]: corporation. Support and training for BIND 9 are
Sep 28 23:32:25 nikita named[6369]: available at https://www.isc.org/support
Sep 28 23:32:25 nikita named[6369]: ----------------------------------------------------
Sep 28 23:32:25 nikita named[6369]: adjusted limit on open files from 4096 to 1048576
Sep 28 23:32:25 nikita named[6369]: found 8 CPUs, using 8 worker threads
Sep 28 23:32:25 nikita named[6369]: using up to 4096 sockets
Sep 28 23:32:25 nikita named[6369]: loading configuration from '/etc/named.conf'
Sep 28 23:32:25 nikita named[6369]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Sep 28 23:32:25 nikita named[6369]: using default UDP/IPv4 port range: [1024, 65535]
Sep 28 23:32:25 nikita named[6369]: using default UDP/IPv6 port range: [1024, 65535]
Sep 28 23:32:25 nikita named[6369]: no IPv6 interfaces found
Sep 28 23:32:25 nikita named[6369]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 28 23:32:25 nikita named[6369]: listening on IPv4 interface br0, 192.168.1.11#53
Sep 28 23:32:25 nikita named[6369]: listening on IPv4 interface br1, xxx.xxx.xxx.xxx#53
Sep 28 23:32:25 nikita named[6369]: listening on IPv4 interface virbr0, 192.168.122.1#53
Sep 28 23:32:25 nikita named[6369]: binding TCP socket: address in use
Sep 28 23:32:25 nikita named[6369]: generating session key for dynamic DNS
Sep 28 23:32:25 nikita named[6369]: sizing zone task pool based on 6 zones
Sep 28 23:32:25 nikita named[6369]: Loading 'AD DNS Zone' using driver dlopen
Sep 28 23:32:25 nikita named[6369]: samba_dlz: Failed to connect to /var/lib/samba/private/dns/sam.ldb
Sep 28 23:32:25 nikita named[6369]: dlz_dlopen of 'AD DNS Zone' failed
Sep 28 23:32:25 nikita named[6369]: SDLZ driver failed to load.
Sep 28 23:32:25 nikita named[6369]: DLZ driver failed to load.
Sep 28 23:32:25 nikita named[6369]: loading configuration: failure
Sep 28 23:32:25 nikita named[6369]: exiting (due to fatal error)
Usually this occurs because of a protection issue. But I have just
checked... Everything has the correct protections from what I can tell:
> cd /var/lib/samba
> ls -alt
total 22160
-rw------- 1 root root 32768 Sep 29 00:08 winbindd_cache.tdb
drwxr-x--- 8 root named 4096 Sep 28 23:41 private
> cd private
/var/lib/samba/private
> ls -alt
total 5080
drwx------ 2 root root 4096 Sep 29 00:08 msg.sock
drwxr-x--- 8 root named 4096 Sep 28 23:41 .
-rw------- 1 root root 24576 Sep 28 23:33 schannel_store.tdb
-rw-r--r-- 1 root root 633 Sep 28 23:24 named.conf
srwxrwxrwx 1 root root 0 Sep 28 23:23 ldapi
drwxr-x--- 2 root root 4096 Sep 28 23:23 ldap_priv
drwxr-xr-x 10 root root 4096 Sep 28 23:23 ..
-rw------- 1 root root 696 Sep 28 23:23 netlogon_creds_cli.tdb
drwxrwx--- 3 root named 4096 Sep 11 00:18 dns
> cd dns
/var/lib/samba/private/dns
> ls -alt
total 2956
drwxr-x--- 8 root named 4096 Sep 28 23:41 ..
drwxrwx--- 2 root named 4096 Sep 11 00:18 sam.ldb.d
drwxrwx--- 3 root named 4096 Sep 11 00:18 .
-rw-r----- 1 root named 3014656 Sep 11 00:05 sam.ldb
I also believe I have the correct SDLZ driver. Here are the contents of
/var/lib/samba/private/named.conf
> cat named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.x
database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
# For BIND 9.9.x
# database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
# For BIND 9.10.x
# database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
};
Finally
> named -V
BIND 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 built with
'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
'--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var'
'--enable-threads' '--enable-ipv6' '--enable-filter-aaaa' '--with-pic'
'--disable-static' '--disable-openssl-version-check' '--enable-rpz-nsip'
'--enable-rpz-nsdname' '--with-dlopen=yes' '--with-dlz-ldap=yes'
'--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
'--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego'
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
using libxml2 version: 2.7.6
There is no reason that what was working prior to the upgrade should
fail now. Does anybody see what is wrong? Very frustrating problem.
--
Paul (ganci at nurdog.com)
Cell: (303)257-5208
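
Added example, not part of the original post: the listings above check each directory by eye with ls; this script walks every component of an absolute path and reports the first one whose mode bits deny a given uid and gid set. The function names are hypothetical, it assumes a stat that supports -c, and it reads mode bits only (no ACLs or SELinux labels).

```sh
#!/bin/sh
# Added example (not from the original post). Assumes GNU/BusyBox `stat -c`.

# perm_bits PATH UID "GID ..." -> prints the rwx digit (0-7) of the one
# permission class (owner, else group, else other) that applies to UID.
perm_bits() {
    st=$(stat -L -c '%a %u %g' "$1") || return 2
    want_uid=$2; want_gids=$3
    set -- $st                       # $1=octal mode  $2=owner uid  $3=group gid
    mode=$((0$1))                    # leading 0 makes the shell read it as octal
    if [ "$want_uid" = "$2" ]; then echo $(( (mode >> 6) & 7 )); return 0; fi
    for g in $want_gids; do
        if [ "$g" = "$3" ]; then echo $(( (mode >> 3) & 7 )); return 0; fi
    done
    echo $(( mode & 7 ))
}

# first_blocker ABS_PATH UID "GID ..." -> returns 0 if every directory on the
# way is searchable (x) and the final file is readable (r); otherwise prints
# the first component that denies access and returns 1.
first_blocker() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    target=$1; uid=$2; gids=$3
    chain=$target; p=$target
    while [ "$p" != "/" ]; do        # build /, /var, /var/lib, ... one per line
        p=$(dirname "$p")
        chain="$p
$chain"
    done
    oldifs=$IFS; IFS='
'
    for c in $chain; do
        IFS=$oldifs
        bits=$(perm_bits "$c" "$uid" "$gids") || { echo "$c (stat failed)"; return 1; }
        if [ -d "$c" ]; then need=1; else need=4; fi
        if [ $(( bits & need )) -eq 0 ]; then echo "$c"; return 1; fi
    done
    IFS=$oldifs
    return 0
}

# Usage on the layout shown in the post (run as root on the DC):
#   first_blocker /var/lib/samba/private/dns/sam.ldb "$(id -u named)" "$(id -G named)"
```

Because the owner class is tested before the group class, a directory such as `d---rwx---` denies its owner even when the owner is also a member of the group.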