[Samba] dns.keytab doesn't exist

Dan Egli dan at newideatest.site
Fri Dec 11 10:11:28 UTC 2020


So, since it looks from the bug that the problem is the ldb is empty, 
how can I generate one that would work?


On 12/11/2020 3:07 AM, Andrew Bartlett wrote:
> On Fri, 2020-12-11 at 03:00 -0700, Dan Egli via samba wrote:
>> So you're saying it really doesn't matter which I use? Okay, I'll just
>> use the one in private vs. the one in bind-dns. Now if I can only figure
>> out why it's complaining about the sam.ldb file:
> After running samba_upgradedns then use the one in bind-dns.  It should
> have the most recent password.
>
>> Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search
> We moved to /var/lib/samba/bind-dns/sam.ldb (but forgot to update the
> keytab code, hence the rest of this).
>
> The error below is because I've not yet backported:
> https://bugzilla.samba.org/show_bug.cgi?id=14579
>
>> That's causing named to terminate with an error:
>>
>> Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
>> Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
>> Dec 11 09:07:10 pluto named[733]: SDLZ driver failed to load.
>> Dec 11 09:07:10 pluto named[733]: DLZ driver failed to load.
>> Dec 11 09:07:10 pluto named[733]: loading configuration: failure
>> Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
>> Dec 11 09:07:11 pluto systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
>> Dec 11 09:07:11 pluto systemd[1]: named.service: Failed with result 'exit-code'.
>>
>> Any tips?
>>
>> On 12/11/2020 2:37 AM, Rowland penny via samba wrote:
>>> On 11/12/2020 09:26, Dan Egli wrote:
>>>> I ran the samba_dnsupgrade and it created TWO dns.keytab files. You
>>>> said it won't create one in /var/lib/samba/bind-dns directory, but it
>>>> did. At least, SOMETHING put a file there. Still, if you say it
>>>> shouldn't be there, then perhaps I should rm it and point my bind
>>>> config to the other.
>>>>
>>> No, I didn't say that, I said that you do not get the keytab in the
>>> bind-dns dir when you join a DC, but you do when you provision a new
>>> DC or run samba_dnsupdate. What the code actually does is to create
>>> the keytab in the private dir and then copy it to the bind-dns dir, so
>>> yes, you do end up with two keytabs.
>>>
>>> There is a bug report about this:
>>> https://bugzilla.samba.org/show_bug.cgi?id=14535
>>>
>>> And here is my fix:
>>> https://gitlab.com/samba-team/samba/-/merge_requests/1642
>>>
>>> Which unfortunately was rejected even though it works.
>>>
>>> Rowland
>>>
>>>
>>>
>> -- 
>> Dan Egli
>>   From my Test Server
>>
>>
-- 
Dan Egli
 From my Test Server



