[Bug 1186201] New: named (DNS) fails after provision of samba-ad-dc
http://bugzilla.opensuse.org/show_bug.cgi?id=1186201

            Bug ID: 1186201
           Summary: named (DNS) fails after provision of samba-ad-dc
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: aarch64
                OS: openSUSE Tumbleweed
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Samba
          Assignee: samba-maintainers@SuSE.de
          Reporter: conde.philippe@skynet.be
        QA Contact: samba-maintainers@SuSE.de
          Found By: ---
           Blocker: ---

I have a raspberry pi 400 with tumbleweed and installed named therein. named is master for the sub-zone "samdom.pce23.net". After provision of samba-ad-dc, named fails starting with "systemctl start named":

rasp:/var/lib/samba/bind-dns # systemctl start named
Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xe" for details.

rasp:/var/lib/samba/bind-dns # systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Thu 2021-05-13 22:01:24 CEST; 11s ago
    Process: 3023 ExecStartPre=/usr/libexec/bind/named.prep (code=exited, status=0/SUCCESS)
    Process: 3029 ExecStart=/usr/sbin/named -u named -d 9 $NAMED_ARGS (code=exited, status=1/FAILURE)
        CPU: 315ms

May 13 22:01:24 rasp named[3030]: samba_dlz: Failed to connect to Failed to connect to /var/lib/samba/bind-dns/dns/sam.ldb: Unable to open tdb '/var/lib/samba/bind-dns/dns/sam.ldb': Read-only file system: Operations error
May 13 22:01:24 rasp named[3030]: samba_dlz: FAILED dlz_create call result=25 #refs=0
May 13 22:01:24 rasp named[3030]: dlz_dlopen of 'AD DNS Zone' failed
May 13 22:01:24 rasp named[3030]: SDLZ driver failed to load.
May 13 22:01:24 rasp named[3030]: DLZ driver failed to load.
May 13 22:01:24 rasp named[3030]: loading configuration: failure
May 13 22:01:24 rasp named[3030]: exiting (due to fatal error)
May 13 22:01:24 rasp systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
May 13 22:01:24 rasp systemd[1]: named.service: Failed with result 'exit-code'.
May 13 22:01:24 rasp systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

I followed this document for installation:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Dom...

Provision of samba:

rasp:/var/lib/samba # samba-tool domain provision --use-rfc2307 --interactive
Realm [SAMDOM.PCE23.NET]:
Domain [SAMDOM]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_DLZ
Administrator password:
Retype password:
...
INFO 2021-05-13 21:55:21,336 pid:2899 /usr/.../samba/provision/__init__.py #492: Server Role: active directory domain controller
INFO 2021-05-13 21:55:21,336 pid:2899 /usr/.../samba/provision/__init__.py #493: Hostname: rasp
INFO 2021-05-13 21:55:21,336 pid:2899 /usr/.../samba/provision/__init__.py #494: NetBIOS Domain: SAMDOM
INFO 2021-05-13 21:55:21,336 pid:2899 /usr/.../samba/provision/__init__.py #495: DNS Domain: samdom.pce23.net
INFO 2021-05-13 21:55:21,337 pid:2899 /usr/.../samba/provision/__init__.py #496: DOMAIN SID: S-1-5-21-4198509159-1934609394-2213185027

After provision I added in /etc/named.conf the following lines:

include "/var/lib/samba/bind-dns/named.conf";
...
options {
    ...
    ###SAMBA
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    minimal-responses yes;
    ### SAMBA
}

The sub zone is defined as:

zone "samdom.pce23.net" in {
    type master;
    file "dyn/samdom.pce23.net";
    also-notify { 192.168.1.120; };
    notify yes;
    allow-transfer { 192.168.1.120; };
    allow-query { 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; 192.168.4.0/24; };
};

I changed the authorization of /var/lib/samba/bind-dns/dns and the files therein:
chown root:named *  ==> still error
chown named:named * ==> still error
chmod 777 for directories and chmod 666 for files ==> still error

I did a trace via

strace -o /tmp/named3.log -f /usr/sbin/named -u named -d 9 &

and the error in journalctl is:

May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'gssapi_krb5' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'gssapi_krb5_sasl' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'spnego' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'schannel' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'naclrpc_as_system' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'sasl-EXTERNAL' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'ntlmssp' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'ntlmssp_resume_ccache' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'http_basic' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'http_ntlm' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'http_negotiate' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'krb5' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'fake_gssapi_krb5' registered
May 18 11:21:58 rasp named[6206]: samba_dlz: ldb: No encrypted secrets key file. Secret attributes will not be encrypted or decrypted
May 18 11:21:58 rasp named[6206]: samba_dlz:
May 18 11:21:58 rasp named[6206]: samba_dlz: schema_fsmo_init: we are master[yes] updates allowed[no]
May 18 11:21:58 rasp named[6206]: samba_dlz: started for DN DC=samdom,DC=pce23,DC=net
May 18 11:21:58 rasp named[6206]: samba_dlz: starting configure
May 18 11:21:58 rasp named[6206]: samba_dlz: Failed to configure zone 'samdom.pce23.net'
May 18 11:21:58 rasp named[6206]: loading configuration: already exists
May 18 11:21:58 rasp named[6206]: exiting (due to fatal error)

but the zone file doesn't exist in /var/lib/named/dyn.

If needed I can attach the trace log file, but I find nothing more detailed about the error therein.

Regards

-- 
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1186201

M Fredericks <emfee@gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |emfee@gmx.net
http://bugzilla.opensuse.org/show_bug.cgi?id=1186201#c1

--- Comment #1 from M Fredericks <emfee@gmx.net> ---
See also https://forums.opensuse.org/showthread.php/554035-DNS-failed-after-samba-AD-...
http://bugzilla.opensuse.org/show_bug.cgi?id=1186201#c2

Samuel Cabrero <scabrero@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |IN_PROGRESS
                 CC|                            |conde.philippe@skynet.be,
                   |                            |samba-maintainers@SuSE.de,
                   |                            |scabrero@suse.com
           Assignee|samba-maintainers@SuSE.de   |scabrero@suse.com
              Flags|                            |needinfo?(conde.philippe@sk
                   |                            |ynet.be)

--- Comment #2 from Samuel Cabrero <scabrero@suse.com> ---
Hi Philippe,
> the sub zone is defined as
>
> zone "samdom.pce23.net" in {
>     type master;
>     file "dyn/samdom.pce23.net";
>     also-notify { 192.168.1.120; };
>     notify yes;
>     allow-transfer { 192.168.1.120; };
>     allow-query { 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; 192.168.4.0/24; };
> };

The first problem is you don't have to define the zone in /etc/named.conf. You provisioned the domain using the BIND9_DLZ backend, which loads a dynamic library to access the zone stored in /var/lib/samba/bind-dns/dns/sam.ldb. Please remove the zone definition.

The second problem is named's systemd unit file restricts the paths named can write to; this is the reason why you get the Read-only filesystem error. I will open a new bug to discuss this problem with the bind maintainer, but meanwhile you can add an override to work around the problem:

# systemctl edit named.service

This will open an editor. Write:

[Service]
ReadWritePaths=/var/lib/named /run/named /var/lib/samba/bind-dns

Save the file and named should start now.
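The two failure modes in this bug leave distinct fingerprints in the journal: a static zone block that collides with the DLZ-served zone shows up as "samba_dlz: Failed to configure zone '...'" followed by "loading configuration: already exists", while the systemd sandbox shows up as "Unable to open tdb '...': Read-only file system". The triage script below is an added example (not part of this bug report, nor Samba's or BIND's own code) that parses both a named.conf and journal lines for these two symptoms and renders the drop-in from comment #2 when the read-only symptom is present. The sample journal and named.conf are constructed from the lines quoted in the report; the helper names (`diagnose`, `render_override`, etc.) are this example's own.

```python
import re

# Constructed sample journal lines modelled on the ones quoted in the bug report.
SAMPLE_JOURNAL = """\
May 13 22:01:24 rasp named[3030]: samba_dlz: Failed to connect to Failed to connect to /var/lib/samba/bind-dns/dns/sam.ldb: Unable to open tdb '/var/lib/samba/bind-dns/dns/sam.ldb': Read-only file system: Operations error
May 13 22:01:24 rasp named[3030]: dlz_dlopen of 'AD DNS Zone' failed
May 18 11:21:58 rasp named[6206]: samba_dlz: Failed to configure zone 'samdom.pce23.net'
May 18 11:21:58 rasp named[6206]: loading configuration: already exists
"""

# Constructed /etc/named.conf excerpt: the Samba include plus a static block
# for the very zone the DLZ backend already serves (the collision), and one
# unrelated static zone that is fine to keep.
SAMPLE_NAMED_CONF = """\
include "/var/lib/samba/bind-dns/named.conf";
options {
    directory "/var/lib/named";
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    minimal-responses yes;
};
zone "samdom.pce23.net" in {
    type master;
    file "dyn/samdom.pce23.net";
};
zone "pce23.net" in {
    type master;
    file "master/pce23.net";
};
"""

# The ReadWritePaths override suggested in comment #2 of the bug.
REQUIRED_RW_PATHS = ("/var/lib/named", "/run/named", "/var/lib/samba/bind-dns")

ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.MULTILINE | re.IGNORECASE)
DLZ_FAIL_RE = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")
READONLY_RE = re.compile(r"Unable to open tdb '([^']+)': Read-only file system")


def normalize_zone(name):
    """DNS names compare case-insensitively; drop a trailing dot as well."""
    return name.lower().rstrip(".")


def static_zones(named_conf):
    """Zone names declared with an explicit zone block in named.conf."""
    return {normalize_zone(z) for z in ZONE_RE.findall(named_conf)}


def dlz_zone_failures(journal):
    """Zones the samba_dlz driver could not register (already defined elsewhere)."""
    return {normalize_zone(z) for z in DLZ_FAIL_RE.findall(journal)}


def readonly_paths(journal):
    """Samba database files named could not open read-write."""
    return sorted(set(READONLY_RE.findall(journal)))


def is_under(path, root):
    """True if `path` is `root` itself or lies below it (systemd path-scope semantics)."""
    return path == root or path.startswith(root.rstrip("/") + "/")


def render_override(paths=REQUIRED_RW_PATHS):
    """Drop-in body for `systemctl edit named.service`, as given in comment #2."""
    return "[Service]\nReadWritePaths=" + " ".join(paths) + "\n"


def diagnose(journal, named_conf):
    """Map each of the two symptoms from the bug to the fix it needs."""
    clash = static_zones(named_conf) & dlz_zone_failures(journal)
    ro = readonly_paths(journal)
    # Paths the suggested override would still not cover need a separate look.
    uncovered = [p for p in ro if not any(is_under(p, r) for r in REQUIRED_RW_PATHS)]
    return {
        "duplicate_zones": sorted(clash),      # remove these zone blocks from named.conf
        "readonly_paths": ro,                   # caused by the unit's path sandbox
        "uncovered_paths": uncovered,           # not fixed by the override below
        "override": render_override() if ro else None,
    }


if __name__ == "__main__":
    report = diagnose(SAMPLE_JOURNAL, SAMPLE_NAMED_CONF)
    for zone in report["duplicate_zones"]:
        print(f"remove static zone {zone!r} from /etc/named.conf (served by BIND9_DLZ)")
    if report["override"]:
        print("named.service cannot write to:", ", ".join(report["readonly_paths"]))
        print("drop-in for `systemctl edit named.service`:\n" + report["override"])
    for p in report["uncovered_paths"]:
        print(f"warning: {p} is outside the suggested ReadWritePaths")
```

The `uncovered_paths` check matters because `ReadWritePaths=` only lifts the sandbox for the listed directories and their contents; a future Samba or distribution layout that stores sam.ldb elsewhere would still fail with the same error after applying this drop-in, and the script flags that rather than silently recommending an override that would not help.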
http://bugzilla.opensuse.org/show_bug.cgi?id=1186201#c3

Philippe Condé <conde.philippe@skynet.be> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(conde.philippe@sk |
                   |ynet.be)                    |

--- Comment #3 from Philippe Condé <conde.philippe@skynet.be> ---
Problem solved following advice of Samuel Cabrero, but at least this info must be added when using systemd and samba-ad-dc.

Regards
Philippe