[Samba] bind9 failure when using dlz_bind
Rowland Penny
rpenny at samba.org
Fri Jun 28 13:52:46 UTC 2024
On Fri, 28 Jun 2024 09:35:13 +0300
Michael Tokarev via samba <samba at lists.samba.org> wrote:
> On 6/28/24 08:44, Michael Tokarev wrote:
> ..
> > Besides, it looks like samba libraries are "too dirty", so to say,
> > - eg, I don't think bind_dlz.so needs any krb5 stuff, it just talks
> > to samba-ad-dc over a unix socket. It needs none of samba
> > libraries. But here I might be completely wrong. It links with
> > heimdal, libwbclient, etc.
>
> Aha.. bind_dlz talks to samba using kerberos. Somehow I thought it
> uses a socket in /var/lib/samba/private/ like ntp. I was wrong
> indeed.
>
> So bind_dlz obviously needs kerberos.
>
> It looks like it should be built the same way nss_winbind &
> pam_winbind are built, with all samba modules compiled into the
> binary.
>
> Also, I think it would be useful if mit-krb5 and heimdal checked
> whether both of them are loaded into the same address space and failed
> to run, since symbol clashes are basically unavoidable in this case.
> This means there's no bind_dlz for heimdal-based samba though, but it's
> better to be sorry than crash (neither works anyway).
>
> Samba should really switch to mit-krb5...
>
> /mjt
Okay, I have looked into this to try and understand just what is going
on with Debian Trixie and bind_dlz.
I can confirm that bind9 refuses to start when properly configured, but
it does raise a couple of questions:
1) why is Debian shipping a development version of Bind9 with Trixie
(yes I know another name for Trixie is testing, but still)?
2) Samba needs to update its 'named.conf' and known Bind9 versions
again.
Rowland
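
The condition discussed in the quoted message, MIT krb5 and Heimdal loaded into the same address space, can be diagnosed from a process's memory map. The following is an added example, not part of the original thread and not Samba or BIND code; the library name patterns are assumptions about common sonames, and the sample map lines and paths are constructed.

```python
import re
import sys

# Assumed soname patterns (not taken from the thread): MIT krb5 installs
# libkrb5.so.3, libk5crypto, libgssapi_krb5 and libkrb5support; Heimdal installs
# libkrb5.so.26, libgssapi, libhx509, libheimbase and libroken (a bundled
# Samba build of Heimdal carries a "-samba4" suffix).
MIT = re.compile(r"/lib(krb5\.so\.3(\.|$)|k5crypto\.so|gssapi_krb5\.so|krb5support\.so)")
HEIMDAL = re.compile(
    r"/lib(krb5(-samba4)?\.so\.26|gssapi(-samba4)?\.so|hx509|heimbase|roken)")

# Constructed sample of /proc/<pid>/maps content; the paths are illustrative.
SAMPLE_MAPS = """\
7f10a0000000-7f10a00b0000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3
7f10a1000000-7f10a1090000 r-xp 00000000 08:01 1422 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26.0.0
7f10a2000000-7f10a2021000 rw-p 00000000 00:00 0
7f10a3000000-7f10a3040000 r-xp 00000000 08:01 1500 /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2
"""

def kerberos_libs(maps_text):
    """Return (mit_paths, heimdal_paths) mapped according to maps_text."""
    mit, heimdal = set(), set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue  # anonymous mapping, [heap], [stack], ...
        path = fields[5].strip().replace(" (deleted)", "")
        if MIT.search(path):
            mit.add(path)
        elif HEIMDAL.search(path):
            heimdal.add(path)
    return sorted(mit), sorted(heimdal)

def has_clash(maps_text):
    """True when both Kerberos implementations share one address space."""
    mit, heimdal = kerberos_libs(maps_text)
    return bool(mit) and bool(heimdal)

if __name__ == "__main__":
    # With a PID argument, read that process's live map; otherwise use the sample.
    text = open(f"/proc/{sys.argv[1]}/maps").read() if len(sys.argv) > 1 else SAMPLE_MAPS
    mit, heimdal = kerberos_libs(text)
    print("MIT krb5:", mit or "none")
    print("Heimdal: ", heimdal or "none")
    sys.exit(1 if mit and heimdal else 0)
```

Run it with the PID of the process under suspicion; exit status 1 means both implementations are mapped into that process.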