
Upgrading BIND DNS Backend


Upgrading BIND DNS Backend

Samba - General mailing list
Hi,

I am trying to upgrade from INTERNAL DNS to BIND_DLZ.

I followed the procedure given in
https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC 
and https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End.

When I start the BIND Service, it fails with an error. In journalctl -xe
we come to know that named service is unable to open dlz_bind9_9.so file.

Full error message is as below.

--------------------------------------------------

[root@dc private]# systemctl start named
Job for named.service failed because the control process exited with
error code. See "systemctl status named.service" and "journalctl -xe"
for details.
[root@dc private]# journalctl -xe
May 11 20:03:41 dc.exza.local named[2506]:
----------------------------------------------------
May 11 20:03:41 dc.exza.local named[2506]: adjusted limit on open files
from 4096 to 1048576
May 11 20:03:41 dc.exza.local named[2506]: found 2 CPUs, using 2 worker
threads
May 11 20:03:41 dc.exza.local named[2506]: using 2 UDP listeners per
interface
May 11 20:03:41 dc.exza.local named[2506]: using up to 4096 sockets
May 11 20:03:41 dc.exza.local named[2506]: loading configuration from
'/etc/named.conf'
May 11 20:03:41 dc.exza.local named[2506]: reading built-in trusted keys
from file '/etc/named.iscdlv.key'
May 11 20:03:41 dc.exza.local named[2506]: initializing GeoIP Country
(IPv4) (type 1) DB
May 11 20:03:41 dc.exza.local named[2506]: GEO-106FREE 20160607 Build 1
Copyright (c) 2016 MaxMind
May 11 20:03:41 dc.exza.local named[2506]: initializing GeoIP Country
(IPv6) (type 12) DB
May 11 20:03:41 dc.exza.local named[2506]: GEO-106FREE 20160607 Build 1 Copy
May 11 20:03:41 dc.exza.local named[2506]: GeoIP City (IPv4) (type 2) DB
not available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP City (IPv4) (type 6) DB
not available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP City (IPv6) (type 30)
DB not available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP City (IPv6) (type 31)
DB not available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP Region (type 3) DB not
available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP Region (type 7) DB not
available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP ISP (type 4) DB not
available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP Org (type 5) DB not
available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP AS (type 9) DB not
available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP Domain (type 11) DB not
available
May 11 20:03:41 dc.exza.local named[2506]: GeoIP NetSpeed (type 10) DB
not available
May 11 20:03:41 dc.exza.local named[2506]: using default UDP/IPv4 port
range: [1024, 65535]
May 11 20:03:41 dc.exza.local named[2506]: using default UDP/IPv6 port
range: [1024, 65535]
May 11 20:03:41 dc.exza.local named[2506]: listening on IPv4 interface
lo, 127.0.0.1#53
May 11 20:03:41 dc.exza.local named[2506]: listening on IPv6 interface
lo, ::1#53
May 11 20:03:41 dc.exza.local named[2506]: generating session key for
dynamic DNS
May 11 20:03:41 dc.exza.local named[2506]: sizing zone task pool based
on 6 zones
May 11 20:03:41 dc.exza.local named[2506]: Loading 'AD DNS Zone' using
driver dlopen
May 11 20:03:41 dc.exza.local named[2506]: dlz_dlopen failed to open
library '/usr/local/samba/lib/bind9/dlz_bind9_9.so' -
/usr/local/samba/lib/bind9/dlz_bind9_9.so: fail
May 11 20:03:41 dc.exza.local named[2506]: dlz_dlopen of 'AD DNS Zone'
failed
May 11 20:03:41 dc.exza.local kernel: named[2508]: segfault at a8 ip
00007f1d03a7d1d9 sp 00007f1cfee7b320 error 4 in named[7f1d03a0e000+87000]
May 11 20:03:41 dc.exza.local systemd[1]: named.service: control process
exited, code=exited status=1
May 11 20:03:41 dc.exza.local systemd[1]: Failed to start Berkeley
Internet Name Domain (DNS).
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has failed.
--
-- The result is failed.
-----------------------------------------------

Any suggestions to start BIND9_DLZ properly?

--

Thanks & Regards,


Anantha Raghava


DISCLAIMER:
This e-mail communication and any attachments may be privileged and
confidential to eXza Technology Consulting & Services, and are intended
only for the use of the recipients named above If you are not the
addressee you may not copy, forward, disclose or use any part of it. If
you have received this message in error, please delete it and all copies
from your system and notify the sender immediately by return e-mail.
Internet communications cannot be guaranteed to be timely, secure, error
or virus-free. The sender does not accept liability for any errors or
omissions.


Do not print this e-mail unless required. Save Paper & trees.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Upgrading BIND DNS Backend

Samba - General mailing list
Hi,

Problem solved. It was related to SELINUX.

The moment it is disabled, BIND service started properly.

--

Thanks & Regards,


Anantha Raghava
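
SELinux does not have to be disabled to find out what it blocked: each refused access by named is recorded as an AVC denial in the audit log, and grouping those records by target type shows whether they point at mislabelled files or at a permission the policy lacks. The following is an added example, not part of the thread; the audit records are constructed (the thread never shows the real denial, so the permissions and types are illustrative) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log records: the thread does not show the actual denial,
# so permissions and target types here are illustrative only. The paths and
# the PID 2506 are taken from the output posted in the thread.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1494513221.412:301): avc:  denied  { read open } for  pid=2506 comm="named" path="/usr/local/samba/lib/bind9/dlz_bind9_9.so" dev="dm-0" ino=1577034 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1494513221.413:302): avc:  denied  { search } for  pid=2506 comm="named" name="private" dev="dm-0" ino=1577100 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1494513300.020:310): avc:  denied  { getattr } for  pid=3011 comm="httpd" path="/srv/www/index.html" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1494513900.500:340): avc:  denied  { read } for  pid=2710 comm="named" path="/usr/local/samba/private/named.conf" dev="dm-0" ino=1577201 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=1
"""

AVC = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one AVC denial as a dict, or None for any other record."""
    m = AVC.search(line) if line.startswith("type=AVC") else None
    if not m:
        return None
    rec = {key: value.strip('"') for key, value in FIELD.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = m.group(1).split()
    # Contexts read user:role:type:level; policy rules are written on the type.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    # permissive=1: the access was logged but allowed. Older kernels omit the
    # field; such records are treated as enforced.
    rec["enforced"] = rec.get("permissive", "0") != "1"
    return rec


def denials_for(audit_text, comm="named"):
    """All AVC denials raised by processes with the given command name."""
    records = (parse_avc(line) for line in audit_text.splitlines())
    return [r for r in records if r and r.get("comm") == comm]


def summarize(denials):
    """Group denials by (target type, object class)."""
    groups = defaultdict(
        lambda: {"perms": set(), "objects": set(), "enforced": False})
    for r in denials:
        g = groups[(r["target_type"], r["tclass"])]
        g["perms"].update(r["perms"])
        g["objects"].add(r.get("path") or r.get("name", "?"))
        g["enforced"] = g["enforced"] or r["enforced"]
    return dict(groups)


if __name__ == "__main__":
    for (ttype, tclass), g in sorted(summarize(denials_for(SAMPLE_AUDIT)).items()):
        state = "blocked" if g["enforced"] else "logged only"
        print(f"named_t -> {ttype}:{tclass} {sorted(g['perms'])} ({state})")
        for obj in sorted(g["objects"]):
            print(f"    {obj}")
```

On a live host the input would be /var/log/audit/audit.log or the output of `ausearch -m avc -c named`.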



Re: Upgrading BIND DNS Backend

Samba - General mailing list
Hi,

After upgrading to BIND9_DLZ, BIND service is properly starting.
However, DNS updates are failing. When I try to force the DNS update, I
get the following error.

Even kinit command returns "kinit: Cannot find KDC for realm
"EXZA.LOCAL" while getting initial credentials"

---------------------------------------

[root@dc ~]# samba_dnsupdate --verbose --all-names
IPs: ['192.168.100.17']
force update: A dc.exza.local 192.168.100.17
force update: NS exza.local dc.exza.local
force update: NS _msdcs.exza.local dc.exza.local
force update: A exza.local 192.168.100.17
force update: SRV _ldap._tcp.exza.local dc.exza.local 389
force update: SRV _ldap._tcp.dc._msdcs.exza.local dc.exza.local 389
force update: SRV
_ldap._tcp.af5a4fc4-5880-4fd3-a904-e023bc3d2a53.domains._msdcs.exza.local
dc.exza.local 389
force update: SRV _kerberos._tcp.exza.local dc.exza.local 88
force update: SRV _kerberos._udp.exza.local dc.exza.local 88
force update: SRV _kerberos._tcp.dc._msdcs.exza.local dc.exza.local 88
force update: SRV _kpasswd._tcp.exza.local dc.exza.local 464
force update: SRV _kpasswd._udp.exza.local dc.exza.local 464
force update: CNAME
cfbc189a-c9a4-4f48-8bce-7f7fb52634b9._msdcs.exza.local dc.exza.local
force update: SRV _ldap._tcp.Default-First-Site-Name._sites.exza.local
dc.exza.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.exza.local
dc.exza.local 389
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.exza.local dc.exza.local 88
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.exza.local
dc.exza.local 88
force update: SRV _ldap._tcp.pdc._msdcs.exza.local dc.exza.local 389
force update: A gc._msdcs.exza.local 192.168.100.17
force update: SRV _gc._tcp.exza.local dc.exza.local 3268
force update: SRV _ldap._tcp.gc._msdcs.exza.local dc.exza.local 3268
force update: SRV _gc._tcp.Default-First-Site-Name._sites.exza.local
dc.exza.local 3268
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.exza.local
dc.exza.local 3268
force update: A DomainDnsZones.exza.local 192.168.100.17
force update: SRV _ldap._tcp.DomainDnsZones.exza.local dc.exza.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.exza.local
dc.exza.local 389
force update: A ForestDnsZones.exza.local 192.168.100.17
force update: SRV _ldap._tcp.ForestDnsZones.exza.local dc.exza.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.exza.local
dc.exza.local 389
29 DNS updates and 0 DNS deletes needed
Failed to get Kerberos credentials, falling back to samba-tool: kinit
for DC$@EXZA.LOCAL failed (Cannot contact any KDC for requested realm)

update (samba-tool): A dc.exza.local 192.168.100.17
Calling samba-tool dns for A dc.exza.local 192.168.100.17 (add)
Calling samba-tool dns add -k no -P ['192.168.100.17', 'exza.local',
'dc', 'A', '192.168.100.17']
ERROR(runtime): uncaught exception - (9711,
'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
     return self.run(*args, **kwargs)
   File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dns.py",
line 1098, in run
     raise e
Failed 'samba-tool dns' based update: A dc.exza.local 192.168.100.17 :
local variable 'estr' referenced before assignment
Traceback (most recent call last):
   File "/usr/local/samba/sbin/samba_dnsupdate", line 835, in <module>
     call_samba_tool(d, zone=d.zone)
   File "/usr/local/samba/sbin/samba_dnsupdate", line 564, in
call_samba_tool
     print("Failed 'samba-tool dns' based update: %s : %s" % (str(d), estr))
UnboundLocalError: local variable 'estr' referenced before assignment

-------------------------------

How to fix this issue?

--

Thanks & Regards,


Anantha Raghava



Re: Upgrading BIND DNS Backend

Samba - General mailing list
Hi Anantha,

On 11.05.2017 at 17:28, Anantha Raghava via samba wrote:
> [root@dc ~]# samba_dnsupdate --verbose --all-names
> ...
> Failed to get Kerberos credentials, falling back to samba-tool: kinit
> for DC$@EXZA.LOCAL failed (Cannot contact any KDC for requested realm)
> ...
> How to fix this issue?

Does this Samba DC use an AD DNS server in /etc/resolv.conf to resolve
the AD zone? The KDC is located using DNS.

Since your previous problem was SELinux related: Have you tested if DNS
updates succeed if you temporarily switch to "permissive" mode?



Regards,
Marc


Re: Upgrading BIND DNS Backend

Samba - General mailing list
Hello Marc,

Upgrade DNS worked properly as you can see below.

---------

samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /usr/local/samba/private/dns/EXZA.LOCAL.zone    # is this the culprit?
DNS records will be automatically created
DNS partitions already exist
dns-dc account already exists
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation
required for secure DNS updates

------

My /etc/resolv.conf reads as below.

domain exza.local
nameserver 192.168.100.17

ping exza.local times out, nslookup also times out. Whereas ping
dc.exza.local responds properly and points to 192.168.100.17

smb.conf is shown below.

---------------

# Global parameters
[global]
         netbios name = DC
         realm = EXZA.LOCAL
         workgroup = EXZA
         # dns forwarder = 192.168.100.1
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = yes
         server services = -dns

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/exza.local/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No

------------------------------------

--

Thanks & Regards,


Anantha Raghava

eXzaTech Consulting And Services Pvt. Ltd.

Ph: +91-9538849179, E-mail: [hidden email]

URL: http://www.exzatechconsulting.com




Re: Upgrading BIND DNS Backend

Samba - General mailing list
Hello Marc,

The problem is solved. BIND DNS was not listening to 192.168.100.17 on
53 port. I corrected the named.conf to listen on 192.168.100.17 and now
kinit is working properly.

Now all dynamic updates should work.

--

Thanks & Regards,


Anantha Raghava
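
The cause found here is already visible in the journal from the first message: named reports listening sockets only on lo (127.0.0.1 and ::1), while /etc/resolv.conf sends the DC's own lookups, including the KDC lookup, to 192.168.100.17. The following is an added example, not part of the thread, that makes that comparison from the posted text; the function names are hypothetical, and the wildcard IPv6 log form it also accepts is BIND's own message but does not appear in the thread.

```python
import ipaddress
import re

# Journal excerpt from the first message, mail-client line wrapping included.
JOURNAL = """\
May 11 20:03:41 dc.exza.local named[2506]: using up to 4096 sockets
May 11 20:03:41 dc.exza.local named[2506]: listening on IPv4 interface
lo, 127.0.0.1#53
May 11 20:03:41 dc.exza.local named[2506]: listening on IPv6 interface
lo, ::1#53
May 11 20:03:41 dc.exza.local named[2506]: generating session key for
dynamic DNS
"""

# /etc/resolv.conf as posted later in the thread.
RESOLV_CONF = """\
domain exza.local
nameserver 192.168.100.17
"""

# The DC's own addresses, from the "IPs:" line of samba_dnsupdate --verbose.
HOST_IPS = ["192.168.100.17"]

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
LISTEN = re.compile(r"listening on IPv[46] interface (\S+), (\S+)#(\d+)")
# BIND logs this form when one wildcard socket serves every IPv6 address.
LISTEN_V6_ANY = re.compile(r"listening on IPv6 interfaces, port (\d+)")


def unwrap(text):
    """Rejoin journal entries that were wrapped onto a second line."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries


def listening(journal_text):
    """Return ({(address, port)}, {ports served by an IPv6 wildcard socket})."""
    sockets, v6_any = set(), set()
    for entry in unwrap(journal_text):
        if "named[" not in entry:
            continue
        m = LISTEN.search(entry)
        if m:
            sockets.add((ipaddress.ip_address(m.group(2)), int(m.group(3))))
        m = LISTEN_V6_ANY.search(entry)
        if m:
            v6_any.add(int(m.group(1)))
    return sockets, v6_any


def nameservers(resolv_text):
    """Addresses on the nameserver lines of a resolv.conf."""
    servers = []
    for line in resolv_text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "nameserver":
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(words[1].split("%")[0]))
    return servers


def unserved_local_resolvers(journal_text, resolv_text, host_ips, port=53):
    """Resolvers that are this host's own addresses but have no named socket."""
    sockets, v6_any = listening(journal_text)
    own = {ipaddress.ip_address(ip) for ip in host_ips}
    missing = []
    for ns in nameservers(resolv_text):
        if ns not in own and not ns.is_loopback:
            continue  # another machine answers for it; this log cannot tell
        served = (ns, port) in sockets or (ns.version == 6 and port in v6_any)
        if not served:
            missing.append(str(ns))
    return missing


if __name__ == "__main__":
    print(unserved_local_resolvers(JOURNAL, RESOLV_CONF, HOST_IPS))
```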

