[Samba] using samba with bind dlz

Jeff Sadowski jeff.sadowski at gmail.com
Mon Jul 10 15:17:52 UTC 2017


I found the file /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py.
I was looking through it and seemed to come across the area where I am
having problems.

In the create_dns_dir function

I wanted to see what paths.dns had and what dns_dir were getting set to.

so I did a simple print and found

paths.dir is set to /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
and
dns_dir is set to /var/lib/samba/private/dns

next I check those directories

[root@dc1 ~]# ls -l /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
ls: cannot access '/var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone': No such file or directory
[root@dc1 ~]# mkdir -p /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone

it looks like samba-tool removes that directory

I'll keep looking for the culprit in that function.




On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:

>
> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Mon, 10 Jul 2017 06:43:37 -0600
>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>
>> > Bind-9.11 is installed. How do you configure it? Does it need anything
>> > special in the config for samba to build the ...samba.../named.conf
>> > file that I should be able to include in my /etc/named.conf
>> > afterwards?
>>
>> With Fedora being a bit 'bleeding edge', I just wondered if they had
>> started using Bind10, but 9.11 should be okay, Samba knows all about
>> that version ;-)
>>
>> >
>> >  My guess is that some directory is missing. But if I start fresh and
>> > configure samba with the internal dns it gets all the way through its
>> > configuration with no errors.
>>
>> Not sure, all I can tell you is what packages I install when creating a
>> DC on Devuan:
>>
>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>> bind9utils
>>
>> of course fedora would have all different package names.
>
> I avoided installing bind-chroot and bind-sdb-chroot.x86_64 as the bind
> dlz info on samba said not to chroot bind. I'm not sure what bind99 libs
> are, but I installed all other bind packages listed with "dnf list bind*".
>
> [root@dc1 ~]# dnf list dns* |grep -v i686
> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 AM MDT.
> Installed Packages
> dnsjava.noarch                             2.1.3-12.fc26     @rawhide
> Available Packages
> dnscap.x86_64                              141-11.fc26       rawhide
> dnscrypt-proxy.x86_64                      1.9.0-2.fc26      rawhide
> dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27    rawhide
> dnsdist.x86_64                             1.1.0-6.fc27      rawhide
> dnsenum.noarch                             1.2.4.2-7.fc27    rawhide
> dnsjava-javadoc.noarch                     2.1.3-12.fc26     rawhide
> dnsmap.x86_64                              0.30-11.fc26      rawhide
> dnsmasq.x86_64                             2.77-3.fc27       rawhide
> dnsmasq-utils.x86_64                       2.77-3.fc27       rawhide
> dnsperf.x86_64                             2.1.0.0-7.fc27    rawhide
> dnssec-check.x86_64                        2.1-7.fc26        rawhide
> dnssec-nodes.x86_64                        2.1-6.fc26        rawhide
> dnssec-system-tray.x86_64                  2.1-6.fc26        rawhide
> dnssec-tools.x86_64                        2.2-3.fc25        rawhide
> dnssec-tools-libs.x86_64                   2.2-3.fc25        rawhide
> dnssec-tools-libs-devel.x86_64             2.2-3.fc25        rawhide
> dnssec-tools-perlmods.x86_64               2.2-3.fc25        rawhide
> dnssec-trigger.x86_64                      0.13-3.fc27       rawhide
> dnssec-trigger-panel.x86_64                0.13-3.fc27       rawhide
> dnssec4j.noarch                            0.1.6-3.fc26      rawhide
> dnssec4j-javadoc.noarch                    0.1.6-3.fc26      rawhide
> dnstop.x86_64                              20140915-4.fc26   rawhide
> dnstracer.x86_64                           1.9-16.fc27       rawhide
> dnsyo.noarch                               2.0.7-3.fc26      rawhide
>
> dnssec-tools look interesting but when I try to install those I get errors.
>
> [root@dc1 ~]# dnf install dnssec-*
> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 AM MDT.
> Error:
>  Problem 1: conflicting requests
>   - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by dnssec-tools-2.2-3.fc25.x86_64
>  Problem 2: conflicting requests
>   - nothing provides libperl.so.5.24()(64bit) needed by dnssec-tools-perlmods-2.2-3.fc25.x86_64
>
> I'll have to go plead with the package maintainer. Although I'm not sure
> even if I install those if that is really what it is complaining about.
> I wonder what tool the samba-tool uses. I'll have to go try and see if I
> can figure it out so I know what it is I really need.
>
> nothing interesting listing in libpam*
> I installed a lot of pam* that looks like what I might need. I have
> pam_krb5
>
>
>>
>> > I've tried without named running and with it running and get the same
>> > error. Maybe something missing in the python scripts building the dns
>> > file.
>> >
>>
>> I just install Bind9, configure it, but do not start it. I then
>> provision Samba. I then start Bind9 followed by Samba and it just
>> works. Perhaps there is something wrong in your bind conf files ?
>>
>>
> If I do a query against the local dns I get a return so it looks like when
> running it works fine.
>
> my named.conf looks like so
>
> options {
>         listen-on port 53 { 127.0.0.1; };
>         listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { localhost; };
>         recursion yes;
>         dnssec-enable yes;
>         dnssec-validation yes;
>         managed-keys-directory "/var/named/dynamic";
>         pid-file "/run/named/named.pid";
>         session-keyfile "/run/named/session.key";
>         include "/etc/crypto-policies/back-ends/bind.config";
> };
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> /etc/crypto-policies/back-ends/bind.config looks like
>
> disable-algorithms "." {
> RSAMD5;
> };
> disable-ds-digests "." {
> GOST;
> };
>
>
>
>> Rowland