[Samba] dns.keytab doesn't exist

Dan Egli dan at newideatest.site
Fri Dec 11 10:23:06 UTC 2020


Okay, I see what you mean. I misunderstood before, sorry. So fix the 
path to use /var/lib/samba/bind-dns/sam.ldb? Mind saying how, as I 
looked in all three config files (named.conf, named.conf.dlz and 
named.conf.update) and don't see an entry for it anywhere.

On 12/11/2020 3:14 AM, Andrew Bartlett wrote:
> No, you need to use the correct path.  Sadly Samba just created an
> empty sam.ldb where you pointed, rather than saying 'no such file or
> directory'.
>
> Andrew Bartlett
>
> On Fri, 2020-12-11 at 03:11 -0700, Dan Egli wrote:
>> So, since it looks from the bug that the problem is the ldb is empty,
>> how can I generate one that would work?
>>
>>
>> On 12/11/2020 3:07 AM, Andrew Bartlett wrote:
>>> On Fri, 2020-12-11 at 03:00 -0700, Dan Egli via samba wrote:
>>>> So you're saying it really doesn't matter which I use? Okay, I'll just
>>>> use the one in private vs. the one in bind-dns. Now if I can only figure
>>>> out why it's complaining about the sam.ldb file:
>>> After running samba_upgradedns then use the one in bind-dns.  It should
>>> have the most recent password.
>>>
>>>> Dec 11 09:07:10 pluto named[733]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search
>>> We moved to /var/lib/samba/bind-dns/sam.ldb (but forgot to update the
>>> keytab code, hence the rest of this).
>>>
>>> The error below is because I've not yet backported:
>>> https://bugzilla.samba.org/show_bug.cgi?id=14579
>>>
>>>> That's causing named to terminate with an error:
>>>>
>>>> Dec 11 09:07:10 pluto named[733]: samba_dlz: FAILED dlz_create call result=25 #refs=0
>>>> Dec 11 09:07:10 pluto named[733]: dlz_dlopen of 'AD DNS Zone' failed
>>>> Dec 11 09:07:10 pluto named[733]: SDLZ driver failed to load.
>>>> Dec 11 09:07:10 pluto named[733]: DLZ driver failed to load.
>>>> Dec 11 09:07:10 pluto named[733]: loading configuration: failure
>>>> Dec 11 09:07:10 pluto named[733]: exiting (due to fatal error)
>>>> Dec 11 09:07:11 pluto systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
>>>> Dec 11 09:07:11 pluto systemd[1]: named.service: Failed with result 'exit-code'.
>>>>
>>>> Any tips?
>>>>
>>>> On 12/11/2020 2:37 AM, Rowland penny via samba wrote:
>>>>> On 11/12/2020 09:26, Dan Egli wrote:
>>>>>> I ran the samba_dnsupgrade and it created TWO dns.keytab files. You
>>>>>> said it won't create one in /var/lib/samba/bind-dns directory, but it
>>>>>> did. At least, SOMETHING put a file there. Still, if you say it
>>>>>> shouldn't be there, then perhaps I should rm it and point my bind
>>>>>> config to the other.
>>>>>>
>>>>> No, I didn't say that, I said that you do not get the keytab in the
>>>>> bind-dns dir when you join a DC, but you do when you provision a new
>>>>> DC or run samba_dnsupdate. What the code actually does is to create
>>>>> the keytab in the private dir and then copy it to the bind-dns dir, so
>>>>> yes, you do end up with two keytabs.
>>>>>
>>>>> There is a bug report about this:
>>>>> https://bugzilla.samba.org/show_bug.cgi?id=14535
>>>>>
>>>>> And here is my fix:
>>>>> https://gitlab.com/samba-team/samba/-/merge_requests/1642
>>>>>
>>>>> Which unfortunately was rejected even though it works.
>>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>>>
>>>> -- 
>>>> Dan Egli
>>>>    From my Test Server
>>>>
>>>>
-- 
Dan Egli
 From my Test Server



