[Samba] using samba with bind dlz

Jeff Sadowski jeff.sadowski at gmail.com
Mon Jul 10 16:58:27 UTC 2017


OK so I don't have a program tdbbackup. Where do I get it?

On Mon, Jul 10, 2017 at 10:38 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:

>
>
> On Mon, Jul 10, 2017 at 9:45 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
> wrote:
>
>> In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
>>
>> Update: It is failing in create_samdb_copy specifically here:
>>
>>     # Copy root, config, schema partitions (and any other if any)
>>     # Since samdb is open in the current process, copy them in a child process
>>     try:
>>         tdb_copy(os.path.join(private_dir, "sam.ldb"),
>>                  os.path.join(dns_dir, "sam.ldb"))
>>         for nc in partfile:
>>             pfile = partfile[nc]
>>             tdb_copy(os.path.join(private_dir, pfile),
>>                      os.path.join(dns_dir, pfile))
>>
>> Let me try and figure out what this is doing and I'll write some prints to
>> find out what the culprit is.
>>
>
> I printed out os.path.join(private_dir, "sam.ldb")
> and os.path.join(dns_dir, "sam.ldb") they both look fine.
>
> From: /var/lib/samba/private/sam.ldb
> To: /var/lib/samba/private/dns/sam.ldb
>
> I put a print statement under tdb_copy that is not reached so the problem
> is there.
> Now to go find tdb_copy and see what it is complaining about.
>
> I see the line
>
> from samba.tdb_util import tdb_copy
>
> So I'm off to find that function and to see what it is complaining about.
>
>
>
>>
>>
>> On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
>> wrote:
>>
>>> I found the file /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
>>> I was looking through it and seemed to come across the area where I am
>>> having problems.
>>>
>>> In the create_dns_dir function
>>>
>>> I wanted to see what paths.dns had and what dns_dir were getting set to.
>>>
>>> so I did a simple print and found
>>>
>>> paths.dir is set to /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
>>> and
>>> dns_dir is set to /var/lib/samba/private/dns
>>>
>>> next I check those directories
>>>
>>> [root at dc1 ~]# ls -l /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
>>> ls: cannot access '/var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone': No such file or directory
>>> [root at dc1 ~]# mkdir -p /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
>>>
>>> it looks like samba-tool removes that directory
>>>
>>> I'll keep looking for the culprit in that function.
>>>
>>>
>>>
>>>
>>> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <jeff.sadowski at gmail.com>
>>> wrote:
>>>
>>>>
>>>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
>>>> samba at lists.samba.org> wrote:
>>>>
>>>>> On Mon, 10 Jul 2017 06:43:37 -0600
>>>>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>>>>
>>>>> > Bind-9.11 is installed. How do you configure it? Does it need anything
>>>>> > special in the config for samba to build the ...samba.../named.conf
>>>>> > file that I should be able to include in my /etc/named.conf
>>>>> > afterwards?
>>>>>
>>>>> With Fedora being a bit 'bleeding edge', I just wondered if they had
>>>>> started using Bind10, but 9.11 should be okay, Samba knows all about
>>>>> that version ;-)
>>>>>
>>>>> >
>>>>> > My guess is that some directory is missing. But if I start fresh and
>>>>> > configure samba with the internal dns it gets all the way through its
>>>>> > configuration with no errors.
>>>>>
>>>>> Not sure, all I can tell you is what packages I install when creating a
>>>>> DC on Devuan:
>>>>>
>>>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>>>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>>>>> bind9utils
>>>>>
>>>>> of course fedora would have all different package names.
>>>>
>>>> I avoided installing bind-chroot and bind-sdb-chroot.x86_64 as the
>>>> bind dlz info on samba said not to chroot bind. I'm not sure what
>>>> bind99 libs are but I installed all other bind packages listed with
>>>> "dnf list bind*"
>>>>
>>>> [root at dc1 ~]# dnf list dns* |grep -v i686
>>>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 AM MDT.
>>>> Installed Packages
>>>> dnsjava.noarch                             2.1.3-12.fc26   @rawhide
>>>> Available Packages
>>>> dnscap.x86_64                              141-11.fc26     rawhide
>>>> dnscrypt-proxy.x86_64                      1.9.0-2.fc26    rawhide
>>>> dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27  rawhide
>>>> dnsdist.x86_64                             1.1.0-6.fc27    rawhide
>>>> dnsenum.noarch                             1.2.4.2-7.fc27  rawhide
>>>> dnsjava-javadoc.noarch                     2.1.3-12.fc26   rawhide
>>>> dnsmap.x86_64                              0.30-11.fc26    rawhide
>>>> dnsmasq.x86_64                             2.77-3.fc27     rawhide
>>>> dnsmasq-utils.x86_64                       2.77-3.fc27     rawhide
>>>> dnsperf.x86_64                             2.1.0.0-7.fc27  rawhide
>>>> dnssec-check.x86_64                        2.1-7.fc26      rawhide
>>>> dnssec-nodes.x86_64                        2.1-6.fc26      rawhide
>>>> dnssec-system-tray.x86_64                  2.1-6.fc26      rawhide
>>>> dnssec-tools.x86_64                        2.2-3.fc25      rawhide
>>>> dnssec-tools-libs.x86_64                   2.2-3.fc25      rawhide
>>>> dnssec-tools-libs-devel.x86_64             2.2-3.fc25      rawhide
>>>> dnssec-tools-perlmods.x86_64               2.2-3.fc25      rawhide
>>>> dnssec-trigger.x86_64                      0.13-3.fc27     rawhide
>>>> dnssec-trigger-panel.x86_64                0.13-3.fc27     rawhide
>>>> dnssec4j.noarch                            0.1.6-3.fc26    rawhide
>>>> dnssec4j-javadoc.noarch                    0.1.6-3.fc26    rawhide
>>>> dnstop.x86_64                              20140915-4.fc26 rawhide
>>>> dnstracer.x86_64                           1.9-16.fc27     rawhide
>>>> dnsyo.noarch                               2.0.7-3.fc26    rawhide
>>>>
>>>> dnssec-tools look interesting but when I try to install those I get
>>>> errors.
>>>>
>>>> [root at dc1 ~]# dnf install dnssec-*
>>>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 AM MDT.
>>>> Error:
>>>>  Problem 1: conflicting requests
>>>>   - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by dnssec-tools-2.2-3.fc25.x86_64
>>>>  Problem 2: conflicting requests
>>>>   - nothing provides libperl.so.5.24()(64bit) needed by dnssec-tools-perlmods-2.2-3.fc25.x86_64
>>>>
>>>> I'll have to go plead with the package maintainer. Although I'm not
>>>> sure even if I install those if that is really what it is complaining about.
>>>> I wonder what tool the samba-tool uses. I'll have to go try and see if
>>>> I can figure it out so I know what it is I really need.
>>>>
>>>> nothing interesting listing in lippam*
>>>> I installed a lot of pam* that looks like what I might need. I have
>>>> pam_krb5
>>>>
>>>>
>>>>> >
>>>>> > I've tried without named running and with it running and get the same
>>>>> > error. Maybe something missing in the python scripts building the dns
>>>>> > file.
>>>>> >
>>>>>
>>>>> I just install Bind9, configure it, but do not start it. I then
>>>>> provision Samba. I then start Bind9 followed by Samba and it just
>>>>> works. Perhaps there is something wrong in your bind conf files ?
>>>>>
>>>>>
>>>> If I do a query against the local dns I get a return so it looks like
>>>> when running it works fine.
>>>>
>>>> my named.conf looks like so
>>>>
>>>> options {
>>>>         listen-on port 53 { 127.0.0.1; };
>>>>         listen-on-v6 port 53 { ::1; };
>>>>         directory       "/var/named";
>>>>         dump-file       "/var/named/data/cache_dump.db";
>>>>         statistics-file "/var/named/data/named_stats.txt";
>>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>>         allow-query     { localhost; };
>>>>         recursion yes;
>>>>         dnssec-enable yes;
>>>>         dnssec-validation yes;
>>>>         managed-keys-directory "/var/named/dynamic";
>>>>         pid-file "/run/named/named.pid";
>>>>         session-keyfile "/run/named/session.key";
>>>>         include "/etc/crypto-policies/back-ends/bind.config";
>>>> };
>>>> logging {
>>>>         channel default_debug {
>>>>                 file "data/named.run";
>>>>                 severity dynamic;
>>>>         };
>>>> };
>>>> zone "." IN {
>>>>         type hint;
>>>>         file "named.ca";
>>>> };
>>>> include "/etc/named.rfc1912.zones";
>>>> include "/etc/named.root.key";
>>>>
>>>> /etc/crypto-policies/back-ends/bind.config looks like
>>>>
>>>> disable-algorithms "." {
>>>> RSAMD5;
>>>> };
>>>> disable-ds-digests "." {
>>>> GOST;
>>>> };
>>>>
>>>>
>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
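
A pre-flight check for the copy step discussed in this thread, added here as an example (not code from Samba or from any poster). It assumes, as the top message suggests, that tdb_copy depends on the tdbbackup program; preflight_samdb_copy, its parameters and the sample file names are hypothetical.

```python
import os
import shutil
import stat
import tempfile


def preflight_samdb_copy(private_dir, dns_dir, partitions=(), path=None):
    """Return a list of problems that would stop sam.ldb being copied.

    partitions: partition file names relative to private_dir (hypothetical
    parameter; the provision code reads these from its partfile mapping).
    path: search path for the tool, defaults to $PATH.
    """
    problems = []
    # Assumption taken from the thread: the copy step needs the tdbbackup binary.
    if shutil.which("tdbbackup", path=path) is None:
        problems.append("tdbbackup not found on search path")
    for rel in ("sam.ldb",) + tuple(partitions):
        src = os.path.join(private_dir, rel)
        dst_parent = os.path.dirname(os.path.join(dns_dir, rel))
        if not os.path.isfile(src):
            problems.append("missing source: " + src)
        if not os.path.isdir(dst_parent):
            problems.append("missing destination directory: " + dst_parent)
    return problems


def demo():
    """Build a constructed directory tree and show the check before and after."""
    root = tempfile.mkdtemp()
    private = os.path.join(root, "private")
    bindir = os.path.join(root, "bin")
    os.makedirs(os.path.join(private, "sam.ldb.d"))
    os.makedirs(bindir)
    for name in ("sam.ldb", "sam.ldb.d/CONFIG.ldb"):  # constructed sample files
        open(os.path.join(private, name), "wb").close()
    parts = ["sam.ldb.d/CONFIG.ldb"]
    dns = os.path.join(private, "dns")
    before = preflight_samdb_copy(private, dns, parts, path=bindir)
    # Stand-in for installing the tool and creating the target directories.
    tool = os.path.join(bindir, "tdbbackup")
    open(tool, "wb").close()
    os.chmod(tool, stat.S_IRWXU)
    os.makedirs(os.path.join(dns, "sam.ldb.d"))
    after = preflight_samdb_copy(private, dns, parts, path=bindir)
    shutil.rmtree(root)
    return before, after


if __name__ == "__main__":
    print(demo())
```

On a real host, call preflight_samdb_copy("/var/lib/samba/private", "/var/lib/samba/private/dns") before provisioning; an empty list means none of the checked preconditions is missing.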

