[Samba] using samba with bind dlz
Jeff Sadowski
jeff.sadowski at gmail.com
Mon Jul 10 16:38:59 UTC 2017
On Mon, Jul 10, 2017 at 9:45 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:
> In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
>
> Update: It is failing in create_samdb_copy specifically here:
>
>     # Copy root, config, schema partitions (and any other if any)
>     # Since samdb is open in the current process, copy them in a child process
>     try:
>         tdb_copy(os.path.join(private_dir, "sam.ldb"),
>                  os.path.join(dns_dir, "sam.ldb"))
>         for nc in partfile:
>             pfile = partfile[nc]
>             tdb_copy(os.path.join(private_dir, pfile),
>                      os.path.join(dns_dir, pfile))
>
> Let me try and figure out what this is doing and I'll write some prints to
> find out what the culprit is.
>
I printed out os.path.join(private_dir, "sam.ldb")
and os.path.join(dns_dir, "sam.ldb"); they both look fine.
From: /var/lib/samba/private/sam.ldb
To: /var/lib/samba/private/dns/sam.ldb
I put a print statement under tdb_copy that is not reached so the problem
is there.
Now to go find tdb_copy and see what it is complaining about.
I see the line
from samba.tdb_util import tdb_copy
So I'm off to find that function and to see what it is complaining about.
>
>
> On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
> wrote:
>
>> I found the file /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
>> I was looking through it and seemed to come across the area where I am
>> having problems.
>>
>> In the create_dns_dir function
>>
>> I wanted to see what paths.dns had and what dns_dir were getting set to.
>>
>> so I did a simple print and found
>>
>> paths.dir is set to /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
>> and
>> dns_dir is set to /var/lib/samba/private/dns
>>
>> next I check those directories
>>
>> [root@dc1 ~]# ls -l /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
>> ls: cannot access '/var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone': No such file or directory
>> [root@dc1 ~]# mkdir -p /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
>>
>> it looks like samba-tool removes that directory
>>
>> I'll keep looking for the culprit in that function.
>>
>>
>>
>>
>> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
>> wrote:
>>
>>>
>>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
>>> samba at lists.samba.org> wrote:
>>>
>>>> On Mon, 10 Jul 2017 06:43:37 -0600
>>>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>>>
>>>> > Bind-9.11 is installed. How do you configure it? Does it need anything
>>>> > special in the config for samba to build the ...samba.../named.conf
>>>> > file that I should be able to include in my /etc/named.conf
>>>> > afterwards?
>>>>
>>>> With Fedora being a bit 'bleeding edge', I just wondered if they had
>>>> started using Bind10, but 9.11 should be okay, Samba knows all about
>>>> that version ;-)
>>>>
>>>> >
>>>> > My guess is that some directory is missing. But if I start fresh and
>>>> > configure samba with the internal dns it gets all the way through its
>>>> > configuration with no errors.
>>>>
>>>> Not sure, all I can tell you is what packages I install when creating a
>>>> DC on Devuan:
>>>>
>>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>>>> bind9utils
>>>>
>>>> of course fedora would have all different package names.
>>> I avoided installing bind-chroot and bind-sdb-chroot.x86_64 as the bind
>>> dlz info on samba said not to chroot bind. I'm not sure what bind99 libs
>>> are, but I installed all other bind packages listed with "dnf list bind*"
>>>
>>> [root@dc1 ~]# dnf list dns* |grep -v i686
>>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 AM MDT.
>>> Installed Packages
>>> dnsjava.noarch                   2.1.3-12.fc26    @rawhide
>>> Available Packages
>>> dnscap.x86_64                    141-11.fc26      rawhide
>>> dnscrypt-proxy.x86_64            1.9.0-2.fc26     rawhide
>>> dnscrypt-proxy-gui.x86_64        1.11.10-1.fc27   rawhide
>>> dnsdist.x86_64                   1.1.0-6.fc27     rawhide
>>> dnsenum.noarch                   1.2.4.2-7.fc27   rawhide
>>> dnsjava-javadoc.noarch           2.1.3-12.fc26    rawhide
>>> dnsmap.x86_64                    0.30-11.fc26     rawhide
>>> dnsmasq.x86_64                   2.77-3.fc27      rawhide
>>> dnsmasq-utils.x86_64             2.77-3.fc27      rawhide
>>> dnsperf.x86_64                   2.1.0.0-7.fc27   rawhide
>>> dnssec-check.x86_64              2.1-7.fc26       rawhide
>>> dnssec-nodes.x86_64              2.1-6.fc26       rawhide
>>> dnssec-system-tray.x86_64        2.1-6.fc26       rawhide
>>> dnssec-tools.x86_64              2.2-3.fc25       rawhide
>>> dnssec-tools-libs.x86_64         2.2-3.fc25       rawhide
>>> dnssec-tools-libs-devel.x86_64   2.2-3.fc25       rawhide
>>> dnssec-tools-perlmods.x86_64     2.2-3.fc25       rawhide
>>> dnssec-trigger.x86_64            0.13-3.fc27      rawhide
>>> dnssec-trigger-panel.x86_64      0.13-3.fc27      rawhide
>>> dnssec4j.noarch                  0.1.6-3.fc26     rawhide
>>> dnssec4j-javadoc.noarch          0.1.6-3.fc26     rawhide
>>> dnstop.x86_64                    20140915-4.fc26  rawhide
>>> dnstracer.x86_64                 1.9-16.fc27      rawhide
>>> dnsyo.noarch                     2.0.7-3.fc26     rawhide
>>>
>>> dnssec-tools look interesting but when I try to install those I get
>>> errors.
>>>
>>> [root@dc1 ~]# dnf install dnssec-*
>>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 AM MDT.
>>> Error:
>>>  Problem 1: conflicting requests
>>>   - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by dnssec-tools-2.2-3.fc25.x86_64
>>>  Problem 2: conflicting requests
>>>   - nothing provides libperl.so.5.24()(64bit) needed by dnssec-tools-perlmods-2.2-3.fc25.x86_64
>>>
>>> I'll have to go plead with the package maintainer. Although I'm not sure
>>> even if I install those if that is really what it is complaining about.
>>> I wonder what tool the samba-tool uses. I'll have to go try and see if I
>>> can figure it out so I know what it is I really need.
>>>
>>> Nothing interesting listed in libpam*.
>>> I installed a lot of pam* that looks like what I might need. I have
>>> pam_krb5
>>>
>>>
>>>> >
>>>> > I've tried without named running and with it running and get the same
>>>> > error. Maybe something missing in the python scripts building the dns
>>>> > file.
>>>> >
>>>>
>>>> I just install Bind9, configure it, but do not start it. I then
>>>> provision Samba. I then start Bind9 followed by Samba and it just
>>>> works. Perhaps there is something wrong in your bind conf files ?
>>>>
>>>>
>>> If I do a query against the local dns I get a return so it looks like
>>> when running it works fine.
>>>
>>> my named.conf looks like so
>>>
>>> options {
>>>     listen-on port 53 { 127.0.0.1; };
>>>     listen-on-v6 port 53 { ::1; };
>>>     directory "/var/named";
>>>     dump-file "/var/named/data/cache_dump.db";
>>>     statistics-file "/var/named/data/named_stats.txt";
>>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>     allow-query { localhost; };
>>>     recursion yes;
>>>     dnssec-enable yes;
>>>     dnssec-validation yes;
>>>     managed-keys-directory "/var/named/dynamic";
>>>     pid-file "/run/named/named.pid";
>>>     session-keyfile "/run/named/session.key";
>>>     include "/etc/crypto-policies/back-ends/bind.config";
>>> };
>>> logging {
>>>     channel default_debug {
>>>         file "data/named.run";
>>>         severity dynamic;
>>>     };
>>> };
>>> zone "." IN {
>>>     type hint;
>>>     file "named.ca";
>>> };
>>> include "/etc/named.rfc1912.zones";
>>> include "/etc/named.root.key";
>>>
>>> /etc/crypto-policies/back-ends/bind.config looks like
>>>
>>> disable-algorithms "." {
>>>     RSAMD5;
>>> };
>>> disable-ds-digests "." {
>>>     GOST;
>>> };
>>>
>>>
>>>
>>>> Rowland
>>>>
>>>>
>>>
>>>
>>
>