[Samba] dns.keytab doesn't exist

Andrew Bartlett abartlet at samba.org
Fri Dec 11 10:14:15 UTC 2020


No, you need to use the correct path.  Sadly Samba just created an
empty sam.ldb where you pointed, rather than saying 'no such file or
directory'.

Andrew Bartlett

On Fri, 2020-12-11 at 03:11 -0700, Dan Egli wrote:
> So, since it looks from the bug that the problem is the ldb is empty,
> how can I generate one that would work?
> 
> 
> On 12/11/2020 3:07 AM, Andrew Bartlett wrote:
> > On Fri, 2020-12-11 at 03:00 -0700, Dan Egli via samba wrote:
> > > So you're saying it really doesn't matter which I use? Okay, I'll just
> > > use the one in private vs. the one in bind-dns. Now if I can only figure
> > > out why it's complaining about the sam.ldb file:
> > After running samba_upgradedns then use the one in bind-dns.  It should
> > have the most recent password.
> > 
> > > Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search
> > We moved to /var/lib/samba/bind-dns/sam.ldb (but forgot to update the
> > keytab code, hence the rest of this).
> > 
> > The error below is because I've not yet backported:
> > https://bugzilla.samba.org/show_bug.cgi?id=14579
> > 
> > > That's causing named to terminate with an error:
> > > 
> > > Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
> > > Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
> > > Dec 11 09:07:10 pluto named[733]: SDLZ driver failed to load.
> > > Dec 11 09:07:10 pluto named[733]: DLZ driver failed to load.
> > > Dec 11 09:07:10 pluto named[733]: loading configuration: failure
> > > Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
> > > Dec 11 09:07:11 pluto systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
> > > Dec 11 09:07:11 pluto systemd[1]: named.service: Failed with result 'exit-code'.
> > > 
> > > Any tips?
> > > 
> > > On 12/11/2020 2:37 AM, Rowland penny via samba wrote:
> > > > On 11/12/2020 09:26, Dan Egli wrote:
> > > > >   I ran the samba_dnsupgrade and it created TWO dns.keytab files.
> > > > > You said it won't create one in /var/lib/samba/bind-dns directory,
> > > > > but it did. At least, SOMETHING put a file there. Still, if you say
> > > > > it shouldn't be there, then perhaps I should rm it and point my bind
> > > > > config to the other.
> > > > > 
> > > > No, I didn't say that, I said that you do not get the keytab in the
> > > > bind-dns dir when you join a DC, but you do when you provision a new
> > > > DC or run samba_dnsupdate. What the code actually does is to create
> > > > the keytab in the private dir and then copy it to the bind-dns dir,
> > > > so yes, you do end up with two keytabs.
> > > > 
> > > > There is a bug report about this:
> > > > https://bugzilla.samba.org/show_bug.cgi?id=14535
> > > > 
> > > > And here is my fix:
> > > > https://gitlab.com/samba-team/samba/-/merge_requests/1642
> > > > 
> > > > Which unfortunately was rejected even though it works.
> > > > 
> > > > Rowland
> > > > 
> > > > 
> > > > 
> > > -- 
> > > Dan Egli
> > >   From my Test Server
> > > 
> > > 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
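
Added example, not part of the original messages and not Samba code: a small triage script for the named journal lines quoted in this thread. It pulls the sam.ldb path out of the samba_dlz "Unable to get basedn" message, checks whether it lies under the bind-dns directory named above, and notes whether the same named process then exited. The function name and the sample text (the thread's log lines re-joined) are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Directory the thread says the DLZ database moved to.
BIND_DNS_DIR = PurePosixPath("/var/lib/samba/bind-dns")

# Constructed sample: journal lines from the thread, re-joined onto single lines.
SAMPLE_LOG = """\
Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search
Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
"""

LINE = re.compile(r"named\[(?P<pid>\d+)\]: (?P<msg>.*)$")
BASEDN = re.compile(r"samba_dlz: Unable to get basedn for (?P<path>\S+) - ")


def diagnose(log_text):
    """Return one finding per named PID that could not read a base DN."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a named line
        pid, msg = int(m["pid"]), m["msg"]
        hit = BASEDN.match(msg)
        if hit:
            path = PurePosixPath(hit["path"])
            findings[pid] = {
                "path": str(path),
                # True only when the database sits below the bind-dns directory.
                "in_bind_dns": BIND_DNS_DIR in path.parents,
                "fatal": False,
            }
        elif pid in findings and "exiting (due to fatal error)" in msg:
            # Same process went on to terminate after the DLZ failure.
            findings[pid]["fatal"] = True
    return findings


if __name__ == "__main__":
    for pid, f in diagnose(SAMPLE_LOG).items():
        where = "under bind-dns" if f["in_bind_dns"] else "outside bind-dns"
        print(f"named[{pid}]: {f['path']} ({where}), fatal={f['fatal']}")
```

A path reported outside bind-dns matches the situation in this thread, where the module was pointed at a location holding only an empty sam.ldb.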




