[Samba] dns.keytab doesn't exist

Andrew Bartlett abartlet at samba.org
Fri Dec 11 10:07:22 UTC 2020


On Fri, 2020-12-11 at 03:00 -0700, Dan Egli via samba wrote:
> So you're saying it really doesn't matter which I use? Okay, I'll just
> use the one in private vs. the one in bind-dns. Now if I can only figure
> out why it's complaining about the sam.ldb file:

After running samba_upgradedns, use the one in bind-dns.  It should
have the most recent password.

> Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search

We moved to /var/lib/samba/bind-dns/sam.ldb (but forgot to update the
keytab code, hence the rest of this).

The error below is because I've not yet backported:
https://bugzilla.samba.org/show_bug.cgi?id=14579

> That's causing named to terminate with an error:
> 
> Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
> Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
> Dec 11 09:07:10 pluto named[733]: SDLZ driver failed to load.
> Dec 11 09:07:10 pluto named[733]: DLZ driver failed to load.
> Dec 11 09:07:10 pluto named[733]: loading configuration: failure
> Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
> Dec 11 09:07:11 pluto systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
> Dec 11 09:07:11 pluto systemd[1]: named.service: Failed with result 'exit-code'.
> 
> Any tips?
> 
> On 12/11/2020 2:37 AM, Rowland penny via samba wrote:
> > On 11/12/2020 09:26, Dan Egli wrote:
> > >  I ran the samba_dnsupgrade and it created TWO dns.keytab files. You
> > > said it won't create one in /var/lib/samba/bind-dns directory, but it
> > > did. At least, SOMETHING put a file there. Still, if you say it
> > > shouldn't be there, then perhaps I should rm it and point my bind
> > > config to the other.
> > > 
> > No, I didn't say that, I said that you do not get the keytab in the
> > bind-dns dir when you join a DC, but you do when you provision a new
> > DC or run samba_dnsupdate. What the code actually does is to create
> > the keytab in the private dir and then copy it to the bind-dns dir, so
> > yes, you do end up with two keytabs.
> > 
> > There is a bug report about this: 
> > https://bugzilla.samba.org/show_bug.cgi?id=14535
> > 
> > And here is my fix: 
> > https://gitlab.com/samba-team/samba/-/merge_requests/1642
> > 
> > Which unfortunately was rejected even though it works.
> > 
> > Rowland
> > 
> > 
> > 
> -- 
> Dan Egli
>  From my Test Server
> 
> 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba




