[Samba] Bind_DLZ krb errors @ startup.

Kristján Valur Jónsson kristjan at rvx.is
Fri May 11 14:14:39 UTC 2018


I'm seeing this as well, after I updated my CentOS 7 hosts to the latest
release.
Something seems to have broken!

On 10 May 2018 at 17:54, Tom Diehl via samba <samba at lists.samba.org> wrote:

> Hi,
>
> I have 2 self compiled samba 4 DCs running 4.7.7 on Centos 7.5. One of them
> is operating normally. On the other DC bind will not start. I turned up
> debugging on dlz_bind as per
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Debugging_the_BIND9_DLZ_Module
> When I try to start named I get the following in the logs:
>
> May 10 13:19:44 vdc2 named[23773]: starting BIND 9.9.4-RedHat-9.9.4-61.el7
> -u named -c /etc/named.conf
> May 10 13:19:44 vdc2 named[23773]: built with
> '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
> '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr'
> '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
> '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
> '--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var'
> '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa'
> '--enable-rrl' '--with-pic' '--disable-static'
> '--disable-openssl-version-check' '--enable-exportlib'
> '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include'
> '--includedir=/usr/include/bind9' '--enable-native-pkcs11'
> '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes'
> '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
> '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes'
> '--disable-isc-spnego' '--enable-fixed-rrset' '--with-tuning=large'
> '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
> 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu'
> 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
> -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
> May 10 13:19:44 vdc2 named[23773]: ------------------------------
> ----------------------
> May 10 13:19:44 vdc2 named[23773]: BIND 9 is maintained by Internet
> Systems Consortium,
> May 10 13:19:44 vdc2 named[23773]: Inc. (ISC), a non-profit 501(c)(3)
> public-benefit
> May 10 13:19:44 vdc2 named[23773]: corporation.  Support and training for
> BIND 9 are
> May 10 13:19:44 vdc2 named[23773]: available at
> https://www.isc.org/support
> May 10 13:19:44 vdc2 named[23773]: ------------------------------
> ----------------------
> May 10 13:19:44 vdc2 named[23773]: adjusted limit on open files from 4096
> to 1048576
> May 10 13:19:44 vdc2 named[23773]: found 2 CPUs, using 2 worker threads
> May 10 13:19:44 vdc2 named[23773]: using 2 UDP listeners per interface
> May 10 13:19:44 vdc2 named[23773]: using up to 21000 sockets
> May 10 13:19:44 vdc2 named[23773]: loading configuration from
> '/etc/named.conf'
> May 10 13:19:44 vdc2 named[23773]: reading built-in trusted keys from file
> '/etc/named.iscdlv.key'
> May 10 13:19:44 vdc2 named[23773]: initializing GeoIP Country (IPv4) (type
> 1) DB
> May 10 13:19:44 vdc2 named[23773]: GEO-106FREE 20160607 Build 1 Copyright
> (c) 2016 MaxMind
> May 10 13:19:44 vdc2 named[23773]: initializing GeoIP Country (IPv6) (type
> 12) DB
> May 10 13:19:44 vdc2 named[23773]: GEO-106FREE 20160607 Build 1 Copy
> May 10 13:19:44 vdc2 named[23773]: GeoIP City (IPv4) (type 2) DB not
> available
> May 10 13:19:44 vdc2 named[23773]: GeoIP City (IPv4) (type 6) DB not
> available
> May 10 13:19:44 vdc2 named[23773]: GeoIP City (IPv6) (type 30) DB not
> available
> May 10 13:19:44 vdc2 named[23773]: GeoIP City (IPv6) (type 31) DB not
> available
> May 10 13:19:44 vdc2 named[23773]: GeoIP Region (type 3) DB not available
> May 10 13:19:44 vdc2 named[23773]: GeoIP Region (type 7) DB not available
> May 10 13:19:44 vdc2 named[23773]: GeoIP ISP (type 4) DB not available
> May 10 13:19:44 vdc2 named[23773]: GeoIP Org (type 5) DB not available
> May 10 13:19:44 vdc2 named[23773]: GeoIP AS (type 9) DB not available
> May 10 13:19:44 vdc2 named[23773]: GeoIP Domain (type 11) DB not available
> May 10 13:19:44 vdc2 named[23773]: GeoIP NetSpeed (type 10) DB not
> available
> May 10 13:19:44 vdc2 named[23773]: using default UDP/IPv4 port range:
> [1024, 65535]
> May 10 13:19:44 vdc2 named[23773]: using default UDP/IPv6 port range:
> [1024, 65535]
> May 10 13:19:44 vdc2 named[23773]: listening on IPv4 interface lo,
> 127.0.0.1#53
> May 10 13:19:44 vdc2 named[23773]: listening on IPv4 interface
> eno16780032, 172.25.0.7#53
> May 10 13:19:44 vdc2 named[23773]: generating session key for dynamic DNS
> May 10 13:19:44 vdc2 named[23773]: sizing zone task pool based on 5 zones
> May 10 13:19:44 vdc2 named[23773]: Loading 'AD DNS Zone' using driver
> dlopen
> May 10 13:19:44 vdc2 named[23773]: samba_dlz: INFO: Current debug levels:
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   all: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   tdb: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   printdrivers: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   lanman: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   smb: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   rpc_parse: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   rpc_srv: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   rpc_cli: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   passdb: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   sam: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   auth: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   winbind: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   vfs: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   idmap: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   quota: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   acls: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   locking: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   msdfs: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   dmapi: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   registry: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   scavenger: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   dns: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   ldb: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   tevent: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   auth_audit: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   auth_json_audit: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   kerberos: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   drs_repl: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   smb2: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz:   smb2_credits: 10
> May 10 13:19:44 vdc2 named[23773]: samba_dlz: krb5_init_context failed
> (Invalid argument)
> May 10 13:19:44 vdc2 named[23773]: samba_dlz: smb_krb5_context_init_basic
> failed (Invalid argument)
> May 10 13:19:44 vdc2 named[23773]: dlz_dlopen of 'AD DNS Zone' failed
> May 10 13:19:44 vdc2 named[23773]: SDLZ driver failed to load.
> May 10 13:19:44 vdc2 named[23773]: DLZ driver failed to load.
> May 10 13:19:44 vdc2 named[23773]: loading configuration: out of memory
> May 10 13:19:44 vdc2 named[23773]: exiting (due to fatal error)
> May 10 13:19:44 vdc2 systemd: named.service: control process exited,
> code=exited status=1
> May 10 13:19:44 vdc2 systemd: Unit named.service entered failed state.
> May 10 13:19:44 vdc2 systemd: named.service failed
>
> The only thing I see of significance is:
> May 10 13:19:44 vdc2 named[23773]: samba_dlz: krb5_init_context failed
> (Invalid argument)
> May 10 13:19:44 vdc2 named[23773]: samba_dlz: smb_krb5_context_init_basic
> failed (Invalid argument)
>
> Both DCs use the same smb.conf and named.conf and were working fine
> until this AM.
>
> The only thing that has changed is both machines were upgraded from Centos
> 7.4 to Centos 7.5 and restarted.
>
> Google is not helping with the above errors. Can someone point me towards
> what might be causing this?
>
> Regards,
>
> --
> Tom                     me at tdiehl.org



-- 
Kv,
Kristján Valur Jónsson, RVX

