[Samba] Debian11 Samba backport and bind9

Stefan Kania stefan at kania-online.de
Mon Jan 16 19:47:10 UTC 2023 


Am 16.01.23 um 20:35 schrieb Ingo Asche via samba:
> Hi Stefan,
> 
> I have exact that running: Samba 4.17.4 and bind 9.18 from the 
> bullseye-backports.
> 
> I my case "samba_dnsupdate --verbose --all-names" runs without any errors.
> 
On the first DC it's running like I expacted, but on the second one I'm 
having the provlem.

> As like 9.16 I use the "dlz_bind9_18.so" entry in named.conf.
> 
> If you need further information to compare just ask.
> 
> Regards
> Ingo
> https://github.com/WAdama
> 
> Rowland Penny via samba schrieb am 16.01.2023 um 20:05:
>>
>>
>> On 16/01/2023 18:56, Rowland Penny via samba wrote:
>>>
>>>
>>> On 16/01/2023 18:27, Stefan Kania via samba wrote:
>>>>
>>>>
>>>> Am 16.01.23 um 18:31 schrieb Rowland Penny via samba:
>>>>>
>>>>>
>>>>> On 16/01/2023 16:56, Stefan Kania via samba wrote:
>>>>>> Hi to all,
>>>>>> Is there a known problem when using Debian 11 together with the 
>>>>>> samba packages from the backports (4.17.4) and the bind9 from the 
>>>>>> backports (9.18). With me it comes on each further 
>>>>>> Domaincontroller to errors with the "samba_dnsupdate --verbose 
>>>>>> --all-names".
>>>>>>
>>>>>> If I install Bind9 in version 9.16 everything works.
>>>>>>
>>>>>> I have the whole thing running in a Vagrant environment and can 
>>>>>> provide this for testing purposes.
>>>>>>
>>>>>> Stefan
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> The support for Bind 9.18 went into Samba in May 2022, so unless it 
>>>>> was backported, it should only be in 4.17.x
>>>>>
>>>>>  From the commit, it was thought that nothing had changed since 
>>>>> Bind 9.16
>>>>>
>>>>> Try looking in sambadns.py (around line 1015), it should show 9.18
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>>> As far as i see it 9.18 sould be ok:
>>>> ----------------------
>>>> elif dns_backend == "BIND9_DLZ":
>>>>          bind_info = subprocess.Popen(['named -V'], shell=True,
>>>>                                       stdout=subprocess.PIPE,
>>>> stderr=subprocess.STDOUT,
>>>> cwd='.').communicate()[0]
>>>>          bind_info = get_string(bind_info)
>>>>          bind9_8 = '#'
>>>>          bind9_9 = '#'
>>>>          bind9_10 = '#'
>>>>          bind9_11 = '#'
>>>>          bind9_12 = '#'
>>>>          bind9_14 = '#'
>>>>          bind9_16 = '#'
>>>>          bind9_18 = '#'
>>>>          if bind_info.upper().find('BIND 9.8') != -1:
>>>>              bind9_8 = ''
>>>>          elif bind_info.upper().find('BIND 9.9') != -1:
>>>>              bind9_9 = ''
>>>>          elif bind_info.upper().find('BIND 9.10') != -1:
>>>>              bind9_10 = ''
>>>>          elif bind_info.upper().find('BIND 9.11') != -1:
>>>>              bind9_11 = ''
>>>>          elif bind_info.upper().find('BIND 9.12') != -1:
>>>>              bind9_12 = ''
>>>>          elif bind_info.upper().find('BIND 9.14') != -1:
>>>>              bind9_14 = ''
>>>>          elif bind_info.upper().find('BIND 9.16') != -1:
>>>>              bind9_16 = ''
>>>>          elif bind_info.upper().find('BIND 9.18') != -1:
>>>>              bind9_18 = ''
>>>>          elif bind_info.upper().find('BIND 9.7') != -1:
>>>>              raise ProvisioningError("DLZ option incompatible with 
>>>> BIND 9.7.")
>>>>          elif bind_info.upper().find('BIND_9.13') != -1:
>>>>              raise ProvisioningError("Only stable/esv releases of 
>>>> BIND are supported.")
>>>>          elif bind_info.upper().find('BIND_9.15') != -1:
>>>>              raise ProvisioningError("Only stable/esv releases of 
>>>> BIND are supported.")
>>>>          elif bind_info.upper().find('BIND_9.17') != -1:
>>>>              raise ProvisioningError("Only stable/esv releases of 
>>>> BIND are supported.")
>>>>          else:
>>>>              logger.warning("BIND version unknown, please modify %s 
>>>> manually." % paths.namedconf)
>>>>          setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
>>>>                      "NAMED_CONF": paths.namedconf,
>>>>                      "MODULESDIR": samba.param.modules_dir(),
>>>>                      "BIND9_8": bind9_8,
>>>>                      "BIND9_9": bind9_9,
>>>>                      "BIND9_10": bind9_10,
>>>>                      "BIND9_11": bind9_11,
>>>>                      "BIND9_12": bind9_12,
>>>>                      "BIND9_14": bind9_14,
>>>>                      "BIND9_16": bind9_16,
>>>>                      "BIND9_18": bind9_18
>>>>                      })
>>>> -------------
>>>> At the moment I'm testing for my tutorial with Samba 4.17.4 from 
>>>> Debian 11 backports and the Bind9 version 9.16.
>>>>
>>>> Tomorrow I will switch to bind9 from the backport again and post the 
>>>> error messages.
>>>>
>>>>
>>>>
>>>
>>> I just wanted to ensure that you, somehow, hadn't got the wrong file, 
>>> which apparently you haven't
>>>
>>> There may be a problem, does Samba use a DLZ driver or a module ? I 
>>> ask this because Bind seems to have removed DLZ drivers from 9.18
>>>
>>> Rowland
>>>
>>
>> Just had a look in dlz_bind9.c and right at the top, there is this:
>>
>> bind9 dlz driver for Samba
>>
>> We could have a major problem.
>>
>> Rowland
>>
>>
>>
> 
> 

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre 
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter 
https://www.dgn.de/dgncert/index.html
Download der root-Zertifikate: https://www.dgn.de/dgncert/downloads.html


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20230116/fe9af07f/OpenPGP_signature.sig>

More information about the samba mailing list