using samba with bind dlz

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

using samba with bind dlz

Samba - General mailing list
I am trying to setup samba as a dc using bind dlz

I'm not sure how much I need to setup on bind before I can use it. I did
the following check.

[root@dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi -e
dlopen
'--with-dlopen=yes'
'--with-gssapi=yes'

I am using the default config for samba that came with Fedora Rawhide.
I wanted to try out the newly built samba-4.7rc1 that was recently built
with ad support for it.

I'm willing to try out a few things. I'll do the internal dns if I can't
get bind working but I wanted to try bind with dlz ike I have working in
ubuntu.

Here is what happens

[root@dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi -e
dlopen
'--with-dlopen=yes'
'--with-gssapi=yes'
[root@dc1 ~]# samba-tool domain provision --use-rfc2307 --interactive
Realm: fedora.methanemaker.mooo.com
 Domain [fedora]:
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
[SAMBA_INTERNAL]: BIND9_DLZ
Administrator password:
...
everything looks good till
...
Failed to setup database for BIND, AD based DNS cannot be used
ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No such
file or directory
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line
176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line
474, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
  File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 2175, in provision
    skip_sysvolacl=skip_sysvolacl)
  File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
line 1836, in provision_fill
    targetdir=targetdir, fill_level=samdb_fill)
  File "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
line 1162, in setup_ad_dns
    hostip6=hostip6, targetdir=targetdir)
  File "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
line 1222, in setup_bind9_dns
    create_samdb_copy(samdb, logger, paths, names, names.domainsid,
domainguid)
  File "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
line 851, in create_samdb_copy
    os.path.join(dns_dir, "sam.ldb"))
  File "/usr/lib64/python2.7/site-packages/samba/tdb_util.py", line 36, in
tdb_copy
    status = subprocess.call(tdbbackup_cmd, close_fds=True, shell=False)
  File "/usr/lib64/python2.7/subprocess.py", line 168, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib64/python2.7/subprocess.py", line 390, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1024, in _execute_child
    raise child_exception
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
On Sun, 9 Jul 2017 18:17:01 -0600
Jeff Sadowski via samba <[hidden email]> wrote:

> I am trying to setup samba as a dc using bind dlz
>
> I'm not sure how much I need to setup on bind before I can use it. I
> did the following check.
>
> [root@dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
> -e dlopen
> '--with-dlopen=yes'
> '--with-gssapi=yes'
>
> I am using the default config for samba that came with Fedora Rawhide.
> I wanted to try out the newly built samba-4.7rc1 that was recently
> built with ad support for it.
>
> I'm willing to try out a few things. I'll do the internal dns if I
> can't get bind working but I wanted to try bind with dlz ike I have
> working in ubuntu.
>
> Here is what happens
>
> [root@dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
> -e dlopen
> '--with-dlopen=yes'
> '--with-gssapi=yes'
> [root@dc1 ~]# samba-tool domain provision --use-rfc2307 --interactive
> Realm: fedora.methanemaker.mooo.com
>  Domain [fedora]:
>  Server Role (dc, member, standalone) [dc]:
>  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> [SAMBA_INTERNAL]: BIND9_DLZ
> Administrator password:
> ...
> everything looks good till
> ...
> Failed to setup database for BIND, AD based DNS cannot be used
> ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No
> such file or directory
>   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 474, in run
>     nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
>   File
> "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
> line 2175, in provision skip_sysvolacl=skip_sysvolacl)
>   File
> "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
> line 1836, in provision_fill targetdir=targetdir,
> fill_level=samdb_fill) File
> "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> line 1162, in setup_ad_dns hostip6=hostip6, targetdir=targetdir)
>   File
> "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> line 1222, in setup_bind9_dns create_samdb_copy(samdb, logger, paths,
> names, names.domainsid, domainguid)
>   File
> "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> line 851, in create_samdb_copy os.path.join(dns_dir, "sam.ldb"))
>   File "/usr/lib64/python2.7/site-packages/samba/tdb_util.py", line
> 36, in tdb_copy
>     status = subprocess.call(tdbbackup_cmd, close_fds=True,
> shell=False) File "/usr/lib64/python2.7/subprocess.py", line 168, in
> call return Popen(*popenargs, **kwargs).wait()
>   File "/usr/lib64/python2.7/subprocess.py", line 390, in __init__
>     errread, errwrite)
>   File "/usr/lib64/python2.7/subprocess.py", line 1024, in
> _execute_child raise child_exception

I normally just install Bind 9, then configure it, but do not start it
before provisioning Samba.

What version of Bind is installed ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
Bind-9.11 is installed. How do you configure it? Does it need anything
special in the config for samba to build the ...samba.../named.conf file
that I should be able to include in my /etc/named.conf afterwards?

 My guess is that some directory is missing. But if I start fresh and
configure samba with the internal dns it gets all the way through it's
configuration with no errors.

I've tried without named running and with it running and get the same
error. Mayke something missing in the python scripts building the dns file.

On Jul 10, 2017 12:48 AM, "Rowland Penny via samba" <[hidden email]>
wrote:

> On Sun, 9 Jul 2017 18:17:01 -0600
> Jeff Sadowski via samba <[hidden email]> wrote:
>
> > I am trying to setup samba as a dc using bind dlz
> >
> > I'm not sure how much I need to setup on bind before I can use it. I
> > did the following check.
> >
> > [root@dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
> > -e dlopen
> > '--with-dlopen=yes'
> > '--with-gssapi=yes'
> >
> > I am using the default config for samba that came with Fedora Rawhide.
> > I wanted to try out the newly built samba-4.7rc1 that was recently
> > built with ad support for it.
> >
> > I'm willing to try out a few things. I'll do the internal dns if I
> > can't get bind working but I wanted to try bind with dlz ike I have
> > working in ubuntu.
> >
> > Here is what happens
> >
> > [root@dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
> > -e dlopen
> > '--with-dlopen=yes'
> > '--with-gssapi=yes'
> > [root@dc1 ~]# samba-tool domain provision --use-rfc2307 --interactive
> > Realm: fedora.methanemaker.mooo.com
> >  Domain [fedora]:
> >  Server Role (dc, member, standalone) [dc]:
> >  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> > [SAMBA_INTERNAL]: BIND9_DLZ
> > Administrator password:
> > ...
> > everything looks good till
> > ...
> > Failed to setup database for BIND, AD based DNS cannot be used
> > ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No
> > such file or directory
> >   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> > line 176, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> > line 474, in run
> >     nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
> >   File
> > "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
> > line 2175, in provision skip_sysvolacl=skip_sysvolacl)
> >   File
> > "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
> > line 1836, in provision_fill targetdir=targetdir,
> > fill_level=samdb_fill) File
> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> > line 1162, in setup_ad_dns hostip6=hostip6, targetdir=targetdir)
> >   File
> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> > line 1222, in setup_bind9_dns create_samdb_copy(samdb, logger, paths,
> > names, names.domainsid, domainguid)
> >   File
> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
> > line 851, in create_samdb_copy os.path.join(dns_dir, "sam.ldb"))
> >   File "/usr/lib64/python2.7/site-packages/samba/tdb_util.py", line
> > 36, in tdb_copy
> >     status = subprocess.call(tdbbackup_cmd, close_fds=True,
> > shell=False) File "/usr/lib64/python2.7/subprocess.py", line 168, in
> > call return Popen(*popenargs, **kwargs).wait()
> >   File "/usr/lib64/python2.7/subprocess.py", line 390, in __init__
> >     errread, errwrite)
> >   File "/usr/lib64/python2.7/subprocess.py", line 1024, in
> > _execute_child raise child_exception
>
> I normally just install Bind 9, then configure it, but do not start it
> before provisioning Samba.
>
> What version of Bind is installed ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
Maybe some python plugin's I need?

On Jul 10, 2017 6:43 AM, "Jeff Sadowski" <[hidden email]> wrote:

> Bind-9.11 is installed. How do you configure it? Does it need anything
> special in the config for samba to build the ...samba.../named.conf file
> that I should be able to include in my /etc/named.conf afterwards?
>
>  My guess is that some directory is missing. But if I start fresh and
> configure samba with the internal dns it gets all the way through it's
> configuration with no errors.
>
> I've tried without named running and with it running and get the same
> error. Mayke something missing in the python scripts building the dns file.
>
> On Jul 10, 2017 12:48 AM, "Rowland Penny via samba" <[hidden email]>
> wrote:
>
>> On Sun, 9 Jul 2017 18:17:01 -0600
>> Jeff Sadowski via samba <[hidden email]> wrote:
>>
>> > I am trying to setup samba as a dc using bind dlz
>> >
>> > I'm not sure how much I need to setup on bind before I can use it. I
>> > did the following check.
>> >
>> > [root@dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
>> > -e dlopen
>> > '--with-dlopen=yes'
>> > '--with-gssapi=yes'
>> >
>> > I am using the default config for samba that came with Fedora Rawhide.
>> > I wanted to try out the newly built samba-4.7rc1 that was recently
>> > built with ad support for it.
>> >
>> > I'm willing to try out a few things. I'll do the internal dns if I
>> > can't get bind working but I wanted to try bind with dlz ike I have
>> > working in ubuntu.
>> >
>> > Here is what happens
>> >
>> > [root@dc1 ~]# named -V | sed 's/ /\n/g'| grep '\-\-' |grep -e gssapi
>> > -e dlopen
>> > '--with-dlopen=yes'
>> > '--with-gssapi=yes'
>> > [root@dc1 ~]# samba-tool domain provision --use-rfc2307 --interactive
>> > Realm: fedora.methanemaker.mooo.com
>> >  Domain [fedora]:
>> >  Server Role (dc, member, standalone) [dc]:
>> >  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
>> > [SAMBA_INTERNAL]: BIND9_DLZ
>> > Administrator password:
>> > ...
>> > everything looks good till
>> > ...
>> > Failed to setup database for BIND, AD based DNS cannot be used
>> > ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No
>> > such file or directory
>> >   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
>> > line 176, in _run
>> >     return self.run(*args, **kwargs)
>> >   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py",
>> > line 474, in run
>> >     nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
>> >   File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
>> > line 2175, in provision skip_sysvolacl=skip_sysvolacl)
>> >   File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py",
>> > line 1836, in provision_fill targetdir=targetdir,
>> > fill_level=samdb_fill) File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
>> > line 1162, in setup_ad_dns hostip6=hostip6, targetdir=targetdir)
>> >   File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
>> > line 1222, in setup_bind9_dns create_samdb_copy(samdb, logger, paths,
>> > names, names.domainsid, domainguid)
>> >   File
>> > "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py",
>> > line 851, in create_samdb_copy os.path.join(dns_dir, "sam.ldb"))
>> >   File "/usr/lib64/python2.7/site-packages/samba/tdb_util.py", line
>> > 36, in tdb_copy
>> >     status = subprocess.call(tdbbackup_cmd, close_fds=True,
>> > shell=False) File "/usr/lib64/python2.7/subprocess.py", line 168, in
>> > call return Popen(*popenargs, **kwargs).wait()
>> >   File "/usr/lib64/python2.7/subprocess.py", line 390, in __init__
>> >     errread, errwrite)
>> >   File "/usr/lib64/python2.7/subprocess.py", line 1024, in
>> > _execute_child raise child_exception
>>
>> I normally just install Bind 9, then configure it, but do not start it
>> before provisioning Samba.
>>
>> What version of Bind is installed ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Mon, 10 Jul 2017 06:43:37 -0600
Jeff Sadowski <[hidden email]> wrote:

> Bind-9.11 is installed. How do you configure it? Does it need anything
> special in the config for samba to build the ...samba.../named.conf
> file that I should be able to include in my /etc/named.conf
> afterwards?

With Fedora being a bit 'bleeding edge', I just wondered if they had
started using Bind10, but 9.11 should be okay, Samba knows all about
that version ;-)

>
>  My guess is that some directory is missing. But if I start fresh and
> configure samba with the internal dns it gets all the way through it's
> configuration with no errors.

Not sure, all I can tell you is what packages I install when creating a
DC on Devuan:

samba acl attr quota fam winbind libpam-winbind libpam-krb5
libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
bind9utils

>
> I've tried without named running and with it running and get the same
> error. Mayke something missing in the python scripts building the dns
> file.
>

I just install Bind9, configure it, but do not start it. I then
provision Samba. I then start Bind9 followed by Samba and it just
works. Perhaps there is something wrong in your bind conf files ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
[hidden email]> wrote:

> On Mon, 10 Jul 2017 06:43:37 -0600
> Jeff Sadowski <[hidden email]> wrote:
>
> > Bind-9.11 is installed. How do you configure it? Does it need anything
> > special in the config for samba to build the ...samba.../named.conf
> > file that I should be able to include in my /etc/named.conf
> > afterwards?
>
> With Fedora being a bit 'bleeding edge', I just wondered if they had
> started using Bind10, but 9.11 should be okay, Samba knows all about
> that version ;-)
>
> >
> >  My guess is that some directory is missing. But if I start fresh and
> > configure samba with the internal dns it gets all the way through it's
> > configuration with no errors.
>
> Not sure, all I can tell you is what packages I install when creating a
> DC on Devuan:
>
> samba acl attr quota fam winbind libpam-winbind libpam-krb5
> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
> bind9utils
>
> of course fedora would have all different package names.
I avoided installing bind-chroot and  bind-sdb-chroot.x86_64 as the bind
dlz  info on samba
said not to chroot bind I'm not sure what bind99 libs are but I installed
all other bind
packages listed with "dnf list bind*"

[root@dc1 ~]# dnf list dns* |grep -v i686
Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 AM
MDT.
Installed Packages
dnsjava.noarch                             2.1.3-12.fc26
 @rawhide
Available Packages
dnscap.x86_64                              141-11.fc26
 rawhide
dnscrypt-proxy.x86_64                      1.9.0-2.fc26
rawhide
dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27
rawhide
dnsdist.x86_64                             1.1.0-6.fc27
rawhide
dnsenum.noarch                             1.2.4.2-7.fc27
rawhide
dnsjava-javadoc.noarch                     2.1.3-12.fc26
 rawhide
dnsmap.x86_64                              0.30-11.fc26
rawhide
dnsmasq.x86_64                             2.77-3.fc27
 rawhide
dnsmasq-utils.x86_64                       2.77-3.fc27
 rawhide
dnsperf.x86_64                             2.1.0.0-7.fc27
rawhide
dnssec-check.x86_64                        2.1-7.fc26
rawhide
dnssec-nodes.x86_64                        2.1-6.fc26
rawhide
dnssec-system-tray.x86_64                  2.1-6.fc26
rawhide
dnssec-tools.x86_64                        2.2-3.fc25
rawhide
dnssec-tools-libs.x86_64                   2.2-3.fc25
rawhide
dnssec-tools-libs-devel.x86_64             2.2-3.fc25
rawhide
dnssec-tools-perlmods.x86_64               2.2-3.fc25
rawhide
dnssec-trigger.x86_64                      0.13-3.fc27
 rawhide
dnssec-trigger-panel.x86_64                0.13-3.fc27
 rawhide
dnssec4j.noarch                            0.1.6-3.fc26
rawhide
dnssec4j-javadoc.noarch                    0.1.6-3.fc26
rawhide
dnstop.x86_64                              20140915-4.fc26
 rawhide
dnstracer.x86_64                           1.9-16.fc27
 rawhide
dnsyo.noarch                               2.0.7-3.fc26
rawhide

dnssec-tools look interesting but when I try to install those I get errors.

[root@dc1 ~]# dnf install dnssec-*
Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 AM
MDT.
Error:
 Problem 1: conflicting requests
  - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by
dnssec-tools-2.2-3.fc25.x86_64
 Problem 2: conflicting requests
  - nothing provides libperl.so.5.24()(64bit) needed by
dnssec-tools-perlmods-2.2-3.fc25.x86_64

I'll have to go plead with the package maintainer. Although I'm not sure
even if I install those if that is really what it is complaining about.
I wonder what tool the samba-tool uses. I'll have to go try and see if I
can figure it out so I know what it is I really need.

nothing interesting listing in lippam*
I installed a lot of pam* that looks like what I might need. I have pam_krb5


>
> > I've tried without named running and with it running and get the same
> > error. Mayke something missing in the python scripts building the dns
> > file.
> >
>
> I just install Bind9, configure it, but do not start it. I then
> provision Samba. I then start Bind9 followed by Samba and it just
> works. Perhaps there is something wrong in your bind conf files ?
>
>
If i do a query against the local dns I get a return so it looks like when
running it works fine.

my named.conf looks like so

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

/etc/crypto-policies/back-ends/bind.config looks like

disable-algorithms "." {
RSAMD5;
};
disable-ds-digests "." {
GOST;
};



> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
I found the
file /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
I was looking through it and seemed to come across the area where I am
having problems.

In the create_dns_dir function

I wanted to see what paths.dns had and what dns_dir where getting set to.

so I did a simple print and found

paths.dir is set
to /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
and
dns_dir is set to /var/lib/samba/private/dns

next I check those directories

[root@dc1 ~]# ls -l
/var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
ls: cannot access
'/var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone': No such
file or directory
[root@dc1 ~]# mkdir -p
/var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone

it looks like samba-tool removes that directory

I'll keep looking for the culprit in that function.




On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <[hidden email]>
wrote:

>
> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
> [hidden email]> wrote:
>
>> On Mon, 10 Jul 2017 06:43:37 -0600
>> Jeff Sadowski <[hidden email]> wrote:
>>
>> > Bind-9.11 is installed. How do you configure it? Does it need anything
>> > special in the config for samba to build the ...samba.../named.conf
>> > file that I should be able to include in my /etc/named.conf
>> > afterwards?
>>
>> With Fedora being a bit 'bleeding edge', I just wondered if they had
>> started using Bind10, but 9.11 should be okay, Samba knows all about
>> that version ;-)
>>
>> >
>> >  My guess is that some directory is missing. But if I start fresh and
>> > configure samba with the internal dns it gets all the way through it's
>> > configuration with no errors.
>>
>> Not sure, all I can tell you is what packages I install when creating a
>> DC on Devuan:
>>
>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>> bind9utils
>>
>> of course fedora would have all different package names.
> I avoided installing bind-chroot and  bind-sdb-chroot.x86_64 as the bind
> dlz  info on samba
> said not to chroot bind I'm not sure what bind99 libs are but I installed
> all other bind
> packages listed with "dnf list bind*"
>
> [root@dc1 ~]# dnf list dns* |grep -v i686
> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50 AM
> MDT.
> Installed Packages
> dnsjava.noarch                             2.1.3-12.fc26
>  @rawhide
> Available Packages
> dnscap.x86_64                              141-11.fc26
>  rawhide
> dnscrypt-proxy.x86_64                      1.9.0-2.fc26
> rawhide
> dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27
> rawhide
> dnsdist.x86_64                             1.1.0-6.fc27
> rawhide
> dnsenum.noarch                             1.2.4.2-7.fc27
> rawhide
> dnsjava-javadoc.noarch                     2.1.3-12.fc26
>  rawhide
> dnsmap.x86_64                              0.30-11.fc26
> rawhide
> dnsmasq.x86_64                             2.77-3.fc27
>  rawhide
> dnsmasq-utils.x86_64                       2.77-3.fc27
>  rawhide
> dnsperf.x86_64                             2.1.0.0-7.fc27
> rawhide
> dnssec-check.x86_64                        2.1-7.fc26
> rawhide
> dnssec-nodes.x86_64                        2.1-6.fc26
> rawhide
> dnssec-system-tray.x86_64                  2.1-6.fc26
> rawhide
> dnssec-tools.x86_64                        2.2-3.fc25
> rawhide
> dnssec-tools-libs.x86_64                   2.2-3.fc25
> rawhide
> dnssec-tools-libs-devel.x86_64             2.2-3.fc25
> rawhide
> dnssec-tools-perlmods.x86_64               2.2-3.fc25
> rawhide
> dnssec-trigger.x86_64                      0.13-3.fc27
>  rawhide
> dnssec-trigger-panel.x86_64                0.13-3.fc27
>  rawhide
> dnssec4j.noarch                            0.1.6-3.fc26
> rawhide
> dnssec4j-javadoc.noarch                    0.1.6-3.fc26
> rawhide
> dnstop.x86_64                              20140915-4.fc26
>  rawhide
> dnstracer.x86_64                           1.9-16.fc27
>  rawhide
> dnsyo.noarch                               2.0.7-3.fc26
> rawhide
>
> dnssec-tools look interesting but when I try to install those I get errors.
>
> [root@dc1 ~]# dnf install dnssec-*
> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50 AM
> MDT.
> Error:
>  Problem 1: conflicting requests
>   - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by
> dnssec-tools-2.2-3.fc25.x86_64
>  Problem 2: conflicting requests
>   - nothing provides libperl.so.5.24()(64bit) needed by
> dnssec-tools-perlmods-2.2-3.fc25.x86_64
>
> I'll have to go plead with the package maintainer. Although I'm not sure
> even if I install those if that is really what it is complaining about.
> I wonder what tool the samba-tool uses. I'll have to go try and see if I
> can figure it out so I know what it is I really need.
>
> nothing interesting listing in lippam*
> I installed a lot of pam* that looks like what I might need. I have
> pam_krb5
>
>
> >
>> > I've tried without named running and with it running and get the same
>> > error. Mayke something missing in the python scripts building the dns
>> > file.
>> >
>>
>> I just install Bind9, configure it, but do not start it. I then
>> provision Samba. I then start Bind9 followed by Samba and it just
>> works. Perhaps there is something wrong in your bind conf files ?
>>
>>
> If i do a query against the local dns I get a return so it looks like when
> running it works fine.
>
> my named.conf looks like so
>
> options {
>         listen-on port 53 { 127.0.0.1; };
>         listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { localhost; };
>         recursion yes;
>         dnssec-enable yes;
>         dnssec-validation yes;
>         managed-keys-directory "/var/named/dynamic";
>         pid-file "/run/named/named.pid";
>         session-keyfile "/run/named/session.key";
>         include "/etc/crypto-policies/back-ends/bind.config";
> };
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> /etc/crypto-policies/back-ends/bind.config looks like
>
> disable-algorithms "." {
> RSAMD5;
> };
> disable-ds-digests "." {
> GOST;
> };
>
>
>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
On Mon, 10 Jul 2017 09:17:52 -0600
Jeff Sadowski <[hidden email]> wrote:

> I found the
> file /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
> I was looking through it and seemed to come across the area where I am
> having problems.
>
> In the create_dns_dir function
>
> I wanted to see what paths.dns had and what dns_dir where getting set
> to.
>
> so I did a simple print and found
>
> paths.dir is set
> to /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
> and
> dns_dir is set to /var/lib/samba/private/dns
>
> next I check those directories
>
> [root@dc1 ~]# ls -l
> /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
> ls: cannot access
> '/var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone': No
> such file or directory

It doesn't work like that ;-)
You should have something like this:

ls -la /usr/local/samba/private/dns
total 2956
drwxrwx--- 3 root bind     4096 Nov 23  2016 .
drwxr-sr-x 8 root staff    4096 Jul 10 16:36 ..
-rw-rw---- 1 root bind  3014656 Sep 12  2016 sam.ldb
drwxrwx--- 2 root bind     4096 Nov 23  2016 sam.ldb.d

and sam.ldb.d:

ls -la /usr/local/samba/private/dns/sam.ldb.d/
total 28060
drwxrwx--- 2 root bind    4096 Nov 23  2016 .
drwxrwx--- 3 root bind    4096 Nov 23  2016 ..
-rw-rw---- 1 root bind 8925184 Sep 12  2016 CN=CONFIGURATION,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb
-rw-rw---- 1 root bind 9187328 Sep 12  2016 CN=SCHEMA,CN=CONFIGURATION,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb
-rw-rw---- 2 root bind 4247552 Jul 10 16:32 DC=DOMAINDNSZONES,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb
-rw-rw---- 2 root bind 4247552 Jul 10 16:32 DC=FORESTDNSZONES,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb
-rw-rw---- 1 root bind 1286144 Sep 12  2016 DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb
-rw-rw---- 2 root bind  831488 Jul 10 16:32 metadata.tdb

Your cow inspired dns zone should be in there, note: do note edit the
ldb files directly.


> [root@dc1 ~]# mkdir -p
> /var/lib/samba/private/dns/fedora.methanemaker.mooo.com.zone
>
> it looks like samba-tool removes that directory

No, it is never creating it ;-)

>
> I'll keep looking for the culprit in that function.

Not sure anything is wrong in python, it has always worked for me

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
In reply to this post by Samba - General mailing list
In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py

Update: It is failing in create_samdb_copy specifically here:

    # Copy root, config, schema partitions (and any other if any)
    # Since samdb is open in the current process, copy them in a child
process
    try:
        tdb_copy(os.path.join(private_dir, "sam.ldb"),
                 os.path.join(dns_dir, "sam.ldb"))
        for nc in partfile:
            pfile = partfile[nc]
            tdb_copy(os.path.join(private_dir, pfile),
                     os.path.join(dns_dir, pfile))

Let me try and figure out what his is doing and I'll write some prints to
find out what the culprit is.


On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <[hidden email]>
wrote:

> I found the file /usr/lib64/python2.7/site-packages/samba/provision/
> sambadns.py
> I was looking through it and seemed to come across the area where I am
> having problems.
>
> In the create_dns_dir function
>
> I wanted to see what paths.dns had and what dns_dir where getting set to.
>
> so I did a simple print and found
>
> paths.dir is set to /var/lib/samba/private/dns/
> fedora.methanemaker.mooo.com.zone
> and
> dns_dir is set to /var/lib/samba/private/dns
>
> next I check those directories
>
> [root@dc1 ~]# ls -l /var/lib/samba/private/dns/
> fedora.methanemaker.mooo.com.zone
> ls: cannot access '/var/lib/samba/private/dns/fedora.methanemaker.mooo.com
> .zone': No such file or directory
> [root@dc1 ~]# mkdir -p /var/lib/samba/private/dns/
> fedora.methanemaker.mooo.com.zone
>
> it looks like samba-tool removes that directory
>
> I'll keep looking for the culprit in that function.
>
>
>
>
> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <[hidden email]>
> wrote:
>
>>
>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
>> [hidden email]> wrote:
>>
>>> On Mon, 10 Jul 2017 06:43:37 -0600
>>> Jeff Sadowski <[hidden email]> wrote:
>>>
>>> > Bind-9.11 is installed. How do you configure it? Does it need anything
>>> > special in the config for samba to build the ...samba.../named.conf
>>> > file that I should be able to include in my /etc/named.conf
>>> > afterwards?
>>>
>>> With Fedora being a bit 'bleeding edge', I just wondered if they had
>>> started using Bind10, but 9.11 should be okay, Samba knows all about
>>> that version ;-)
>>>
>>> >
>>> >  My guess is that some directory is missing. But if I start fresh and
>>> > configure samba with the internal dns it gets all the way through it's
>>> > configuration with no errors.
>>>
>>> Not sure, all I can tell you is what packages I install when creating a
>>> DC on Devuan:
>>>
>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>>> bind9utils
>>>
>>> of course fedora would have all different package names.
>> I avoided installing bind-chroot and  bind-sdb-chroot.x86_64 as the bind
>> dlz  info on samba
>> said not to chroot bind I'm not sure what bind99 libs are but I installed
>> all other bind
>> packages listed with "dnf list bind*"
>>
>> [root@dc1 ~]# dnf list dns* |grep -v i686
>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50
>> AM MDT.
>> Installed Packages
>> dnsjava.noarch                             2.1.3-12.fc26
>>  @rawhide
>> Available Packages
>> dnscap.x86_64                              141-11.fc26
>>  rawhide
>> dnscrypt-proxy.x86_64                      1.9.0-2.fc26
>> rawhide
>> dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27
>> rawhide
>> dnsdist.x86_64                             1.1.0-6.fc27
>> rawhide
>> dnsenum.noarch                             1.2.4.2-7.fc27
>> rawhide
>> dnsjava-javadoc.noarch                     2.1.3-12.fc26
>>  rawhide
>> dnsmap.x86_64                              0.30-11.fc26
>> rawhide
>> dnsmasq.x86_64                             2.77-3.fc27
>>  rawhide
>> dnsmasq-utils.x86_64                       2.77-3.fc27
>>  rawhide
>> dnsperf.x86_64                             2.1.0.0-7.fc27
>> rawhide
>> dnssec-check.x86_64                        2.1-7.fc26
>> rawhide
>> dnssec-nodes.x86_64                        2.1-6.fc26
>> rawhide
>> dnssec-system-tray.x86_64                  2.1-6.fc26
>> rawhide
>> dnssec-tools.x86_64                        2.2-3.fc25
>> rawhide
>> dnssec-tools-libs.x86_64                   2.2-3.fc25
>> rawhide
>> dnssec-tools-libs-devel.x86_64             2.2-3.fc25
>> rawhide
>> dnssec-tools-perlmods.x86_64               2.2-3.fc25
>> rawhide
>> dnssec-trigger.x86_64                      0.13-3.fc27
>>  rawhide
>> dnssec-trigger-panel.x86_64                0.13-3.fc27
>>  rawhide
>> dnssec4j.noarch                            0.1.6-3.fc26
>> rawhide
>> dnssec4j-javadoc.noarch                    0.1.6-3.fc26
>> rawhide
>> dnstop.x86_64                              20140915-4.fc26
>>  rawhide
>> dnstracer.x86_64                           1.9-16.fc27
>>  rawhide
>> dnsyo.noarch                               2.0.7-3.fc26
>> rawhide
>>
>> dnssec-tools look interesting but when I try to install those I get
>> errors.
>>
>> [root@dc1 ~]# dnf install dnssec-*
>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50
>> AM MDT.
>> Error:
>>  Problem 1: conflicting requests
>>   - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by
>> dnssec-tools-2.2-3.fc25.x86_64
>>  Problem 2: conflicting requests
>>   - nothing provides libperl.so.5.24()(64bit) needed by
>> dnssec-tools-perlmods-2.2-3.fc25.x86_64
>>
>> I'll have to go plead with the package maintainer. Although I'm not sure
>> even if I install those if that is really what it is complaining about.
>> I wonder what tool the samba-tool uses. I'll have to go try and see if I
>> can figure it out so I know what it is I really need.
>>
>> nothing interesting listing in lippam*
>> I installed a lot of pam* that looks like what I might need. I have
>> pam_krb5
>>
>>
>> >
>>> > I've tried without named running and with it running and get the same
>>> > error. Mayke something missing in the python scripts building the dns
>>> > file.
>>> >
>>>
>>> I just install Bind9, configure it, but do not start it. I then
>>> provision Samba. I then start Bind9 followed by Samba and it just
>>> works. Perhaps there is something wrong in your bind conf files ?
>>>
>>>
>> If i do a query against the local dns I get a return so it looks like
>> when running it works fine.
>>
>> my named.conf looks like so
>>
>> options {
>>         listen-on port 53 { 127.0.0.1; };
>>         listen-on-v6 port 53 { ::1; };
>>         directory       "/var/named";
>>         dump-file       "/var/named/data/cache_dump.db";
>>         statistics-file "/var/named/data/named_stats.txt";
>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>         allow-query     { localhost; };
>>         recursion yes;
>>         dnssec-enable yes;
>>         dnssec-validation yes;
>>         managed-keys-directory "/var/named/dynamic";
>>         pid-file "/run/named/named.pid";
>>         session-keyfile "/run/named/session.key";
>>         include "/etc/crypto-policies/back-ends/bind.config";
>> };
>> logging {
>>         channel default_debug {
>>                 file "data/named.run";
>>                 severity dynamic;
>>         };
>> };
>> zone "." IN {
>>         type hint;
>>         file "named.ca";
>> };
>> include "/etc/named.rfc1912.zones";
>> include "/etc/named.root.key";
>>
>> /etc/crypto-policies/back-ends/bind.config looks like
>>
>> disable-algorithms "." {
>> RSAMD5;
>> };
>> disable-ds-digests "." {
>> GOST;
>> };
>>
>>
>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
On Mon, Jul 10, 2017 at 9:45 AM, Jeff Sadowski <[hidden email]>
wrote:

> In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
>
> Update: It is failing in create_samdb_copy specifically here:
>
>     # Copy root, config, schema partitions (and any other if any)
>     # Since samdb is open in the current process, copy them in a child
> process
>     try:
>         tdb_copy(os.path.join(private_dir, "sam.ldb"),
>                  os.path.join(dns_dir, "sam.ldb"))
>         for nc in partfile:
>             pfile = partfile[nc]
>             tdb_copy(os.path.join(private_dir, pfile),
>                      os.path.join(dns_dir, pfile))
>
> Let me try and figure out what his is doing and I'll write some prints to
> find out what the culprit is.
>

I printed out os.path.join(private_dir, "sam.ldb")
and os.path.join(dns_dir, "sam.ldb") they both look fine.

From: /var/lib/samba/private/sam.ldb
To: /var/lib/samba/private/dns/sam.ldb

I put a print statement under tdb_copy that is not reached so the problem
is there.
Now to go find tdb_copy and see what it is complaining about.

I see the line

from samba.tdb_util import tdb_copy

So I'm off to find that function and to see what it is complaining about.



>
>
> On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <[hidden email]>
> wrote:
>
>> I found the file /usr/lib64/python2.7/site-packages/samba/provision/samb
>> adns.py
>> I was looking through it and seemed to come across the area where I am
>> having problems.
>>
>> In the create_dns_dir function
>>
>> I wanted to see what paths.dns had and what dns_dir where getting set to.
>>
>> so I did a simple print and found
>>
>> paths.dir is set to /var/lib/samba/private/dns/
>> fedora.methanemaker.mooo.com.zone
>> and
>> dns_dir is set to /var/lib/samba/private/dns
>>
>> next I check those directories
>>
>> [root@dc1 ~]# ls -l /var/lib/samba/private/dns/fed
>> ora.methanemaker.mooo.com.zone
>> ls: cannot access '/var/lib/samba/private/dns/fe
>> dora.methanemaker.mooo.com.zone': No such file or directory
>> [root@dc1 ~]# mkdir -p /var/lib/samba/private/dns/fed
>> ora.methanemaker.mooo.com.zone
>>
>> it looks like samba-tool removes that directory
>>
>> I'll keep looking for the culprit in that function.
>>
>>
>>
>>
>> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <[hidden email]>
>> wrote:
>>
>>>
>>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
>>> [hidden email]> wrote:
>>>
>>>> On Mon, 10 Jul 2017 06:43:37 -0600
>>>> Jeff Sadowski <[hidden email]> wrote:
>>>>
>>>> > Bind-9.11 is installed. How do you configure it? Does it need anything
>>>> > special in the config for samba to build the ...samba.../named.conf
>>>> > file that I should be able to include in my /etc/named.conf
>>>> > afterwards?
>>>>
>>>> With Fedora being a bit 'bleeding edge', I just wondered if they had
>>>> started using Bind10, but 9.11 should be okay, Samba knows all about
>>>> that version ;-)
>>>>
>>>> >
>>>> >  My guess is that some directory is missing. But if I start fresh and
>>>> > configure samba with the internal dns it gets all the way through it's
>>>> > configuration with no errors.
>>>>
>>>> Not sure, all I can tell you is what packages I install when creating a
>>>> DC on Devuan:
>>>>
>>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>>>> bind9utils
>>>>
>>>> of course fedora would have all different package names.
>>> I avoided installing bind-chroot and  bind-sdb-chroot.x86_64 as the bind
>>> dlz  info on samba
>>> said not to chroot bind I'm not sure what bind99 libs are but I
>>> installed all other bind
>>> packages listed with "dnf list bind*"
>>>
>>> [root@dc1 ~]# dnf list dns* |grep -v i686
>>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50
>>> AM MDT.
>>> Installed Packages
>>> dnsjava.noarch                             2.1.3-12.fc26
>>>  @rawhide
>>> Available Packages
>>> dnscap.x86_64                              141-11.fc26
>>>  rawhide
>>> dnscrypt-proxy.x86_64                      1.9.0-2.fc26
>>> rawhide
>>> dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27
>>> rawhide
>>> dnsdist.x86_64                             1.1.0-6.fc27
>>> rawhide
>>> dnsenum.noarch                             1.2.4.2-7.fc27
>>> rawhide
>>> dnsjava-javadoc.noarch                     2.1.3-12.fc26
>>>  rawhide
>>> dnsmap.x86_64                              0.30-11.fc26
>>> rawhide
>>> dnsmasq.x86_64                             2.77-3.fc27
>>>  rawhide
>>> dnsmasq-utils.x86_64                       2.77-3.fc27
>>>  rawhide
>>> dnsperf.x86_64                             2.1.0.0-7.fc27
>>> rawhide
>>> dnssec-check.x86_64                        2.1-7.fc26
>>> rawhide
>>> dnssec-nodes.x86_64                        2.1-6.fc26
>>> rawhide
>>> dnssec-system-tray.x86_64                  2.1-6.fc26
>>> rawhide
>>> dnssec-tools.x86_64                        2.2-3.fc25
>>> rawhide
>>> dnssec-tools-libs.x86_64                   2.2-3.fc25
>>> rawhide
>>> dnssec-tools-libs-devel.x86_64             2.2-3.fc25
>>> rawhide
>>> dnssec-tools-perlmods.x86_64               2.2-3.fc25
>>> rawhide
>>> dnssec-trigger.x86_64                      0.13-3.fc27
>>>  rawhide
>>> dnssec-trigger-panel.x86_64                0.13-3.fc27
>>>  rawhide
>>> dnssec4j.noarch                            0.1.6-3.fc26
>>> rawhide
>>> dnssec4j-javadoc.noarch                    0.1.6-3.fc26
>>> rawhide
>>> dnstop.x86_64                              20140915-4.fc26
>>>  rawhide
>>> dnstracer.x86_64                           1.9-16.fc27
>>>  rawhide
>>> dnsyo.noarch                               2.0.7-3.fc26
>>> rawhide
>>>
>>> dnssec-tools look interesting but when I try to install those I get
>>> errors.
>>>
>>> [root@dc1 ~]# dnf install dnssec-*
>>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50
>>> AM MDT.
>>> Error:
>>>  Problem 1: conflicting requests
>>>   - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by
>>> dnssec-tools-2.2-3.fc25.x86_64
>>>  Problem 2: conflicting requests
>>>   - nothing provides libperl.so.5.24()(64bit) needed by
>>> dnssec-tools-perlmods-2.2-3.fc25.x86_64
>>>
>>> I'll have to go plead with the package maintainer. Although I'm not sure
>>> even if I install those if that is really what it is complaining about.
>>> I wonder what tool the samba-tool uses. I'll have to go try and see if I
>>> can figure it out so I know what it is I really need.
>>>
>>> nothing interesting listing in lippam*
>>> I installed a lot of pam* that looks like what I might need. I have
>>> pam_krb5
>>>
>>>
>>> >
>>>> > I've tried without named running and with it running and get the same
>>>> > error. Mayke something missing in the python scripts building the dns
>>>> > file.
>>>> >
>>>>
>>>> I just install Bind9, configure it, but do not start it. I then
>>>> provision Samba. I then start Bind9 followed by Samba and it just
>>>> works. Perhaps there is something wrong in your bind conf files ?
>>>>
>>>>
>>> If i do a query against the local dns I get a return so it looks like
>>> when running it works fine.
>>>
>>> my named.conf looks like so
>>>
>>> options {
>>>         listen-on port 53 { 127.0.0.1; };
>>>         listen-on-v6 port 53 { ::1; };
>>>         directory       "/var/named";
>>>         dump-file       "/var/named/data/cache_dump.db";
>>>         statistics-file "/var/named/data/named_stats.txt";
>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>         allow-query     { localhost; };
>>>         recursion yes;
>>>         dnssec-enable yes;
>>>         dnssec-validation yes;
>>>         managed-keys-directory "/var/named/dynamic";
>>>         pid-file "/run/named/named.pid";
>>>         session-keyfile "/run/named/session.key";
>>>         include "/etc/crypto-policies/back-ends/bind.config";
>>> };
>>> logging {
>>>         channel default_debug {
>>>                 file "data/named.run";
>>>                 severity dynamic;
>>>         };
>>> };
>>> zone "." IN {
>>>         type hint;
>>>         file "named.ca";
>>> };
>>> include "/etc/named.rfc1912.zones";
>>> include "/etc/named.root.key";
>>>
>>> /etc/crypto-policies/back-ends/bind.config looks like
>>>
>>> disable-algorithms "." {
>>> RSAMD5;
>>> };
>>> disable-ds-digests "." {
>>> GOST;
>>> };
>>>
>>>
>>>
>>>> Rowland
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>
>>>
>>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
OK so I don't have a program tdbbackup. Where do I get it?

On Mon, Jul 10, 2017 at 10:38 AM, Jeff Sadowski <[hidden email]>
wrote:

>
>
> On Mon, Jul 10, 2017 at 9:45 AM, Jeff Sadowski <[hidden email]>
> wrote:
>
>> In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
>>
>> Update: It is failing in create_samdb_copy specifically here:
>>
>>     # Copy root, config, schema partitions (and any other if any)
>>     # Since samdb is open in the current process, copy them in a child
>> process
>>     try:
>>         tdb_copy(os.path.join(private_dir, "sam.ldb"),
>>                  os.path.join(dns_dir, "sam.ldb"))
>>         for nc in partfile:
>>             pfile = partfile[nc]
>>             tdb_copy(os.path.join(private_dir, pfile),
>>                      os.path.join(dns_dir, pfile))
>>
>> Let me try and figure out what his is doing and I'll write some prints to
>> find out what the culprit is.
>>
>
> I printed out os.path.join(private_dir, "sam.ldb")
> and os.path.join(dns_dir, "sam.ldb") they both look fine.
>
> From: /var/lib/samba/private/sam.ldb
> To: /var/lib/samba/private/dns/sam.ldb
>
> I put a print statement under tdb_copy that is not reached so the problem
> is there.
> Now to go find tdb_copy and see what it is complaining about.
>
> I see the line
>
> from samba.tdb_util import tdb_copy
>
> So I'm off to find that function and to see what it is complaining about.
>
>
>
>>
>>
>> On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <[hidden email]>
>> wrote:
>>
>>> I found the file /usr/lib64/python2.7/site-packages/samba/provision/samb
>>> adns.py
>>> I was looking through it and seemed to come across the area where I am
>>> having problems.
>>>
>>> In the create_dns_dir function
>>>
>>> I wanted to see what paths.dns had and what dns_dir where getting set to.
>>>
>>> so I did a simple print and found
>>>
>>> paths.dir is set to /var/lib/samba/private/dns/
>>> fedora.methanemaker.mooo.com.zone
>>> and
>>> dns_dir is set to /var/lib/samba/private/dns
>>>
>>> next I check those directories
>>>
>>> [root@dc1 ~]# ls -l /var/lib/samba/private/dns/fed
>>> ora.methanemaker.mooo.com.zone
>>> ls: cannot access '/var/lib/samba/private/dns/fe
>>> dora.methanemaker.mooo.com.zone': No such file or directory
>>> [root@dc1 ~]# mkdir -p /var/lib/samba/private/dns/fed
>>> ora.methanemaker.mooo.com.zone
>>>
>>> it looks like samba-tool removes that directory
>>>
>>> I'll keep looking for the culprit in that function.
>>>
>>>
>>>
>>>
>>> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <[hidden email]>
>>> wrote:
>>>
>>>>
>>>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
>>>> [hidden email]> wrote:
>>>>
>>>>> On Mon, 10 Jul 2017 06:43:37 -0600
>>>>> Jeff Sadowski <[hidden email]> wrote:
>>>>>
>>>>> > Bind-9.11 is installed. How do you configure it? Does it need
>>>>> anything
>>>>> > special in the config for samba to build the ...samba.../named.conf
>>>>> > file that I should be able to include in my /etc/named.conf
>>>>> > afterwards?
>>>>>
>>>>> With Fedora being a bit 'bleeding edge', I just wondered if they had
>>>>> started using Bind10, but 9.11 should be okay, Samba knows all about
>>>>> that version ;-)
>>>>>
>>>>> >
>>>>> >  My guess is that some directory is missing. But if I start fresh and
>>>>> > configure samba with the internal dns it gets all the way through
>>>>> it's
>>>>> > configuration with no errors.
>>>>>
>>>>> Not sure, all I can tell you is what packages I install when creating a
>>>>> DC on Devuan:
>>>>>
>>>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>>>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>>>>> bind9utils
>>>>>
>>>>> of course fedora would have all different package names.
>>>> I avoided installing bind-chroot and  bind-sdb-chroot.x86_64 as the
>>>> bind dlz  info on samba
>>>> said not to chroot bind I'm not sure what bind99 libs are but I
>>>> installed all other bind
>>>> packages listed with "dnf list bind*"
>>>>
>>>> [root@dc1 ~]# dnf list dns* |grep -v i686
>>>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017 05:51:50
>>>> AM MDT.
>>>> Installed Packages
>>>> dnsjava.noarch                             2.1.3-12.fc26
>>>>  @rawhide
>>>> Available Packages
>>>> dnscap.x86_64                              141-11.fc26
>>>>  rawhide
>>>> dnscrypt-proxy.x86_64                      1.9.0-2.fc26
>>>> rawhide
>>>> dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27
>>>> rawhide
>>>> dnsdist.x86_64                             1.1.0-6.fc27
>>>> rawhide
>>>> dnsenum.noarch                             1.2.4.2-7.fc27
>>>> rawhide
>>>> dnsjava-javadoc.noarch                     2.1.3-12.fc26
>>>>  rawhide
>>>> dnsmap.x86_64                              0.30-11.fc26
>>>> rawhide
>>>> dnsmasq.x86_64                             2.77-3.fc27
>>>>  rawhide
>>>> dnsmasq-utils.x86_64                       2.77-3.fc27
>>>>  rawhide
>>>> dnsperf.x86_64                             2.1.0.0-7.fc27
>>>> rawhide
>>>> dnssec-check.x86_64                        2.1-7.fc26
>>>> rawhide
>>>> dnssec-nodes.x86_64                        2.1-6.fc26
>>>> rawhide
>>>> dnssec-system-tray.x86_64                  2.1-6.fc26
>>>> rawhide
>>>> dnssec-tools.x86_64                        2.2-3.fc25
>>>> rawhide
>>>> dnssec-tools-libs.x86_64                   2.2-3.fc25
>>>> rawhide
>>>> dnssec-tools-libs-devel.x86_64             2.2-3.fc25
>>>> rawhide
>>>> dnssec-tools-perlmods.x86_64               2.2-3.fc25
>>>> rawhide
>>>> dnssec-trigger.x86_64                      0.13-3.fc27
>>>>  rawhide
>>>> dnssec-trigger-panel.x86_64                0.13-3.fc27
>>>>  rawhide
>>>> dnssec4j.noarch                            0.1.6-3.fc26
>>>> rawhide
>>>> dnssec4j-javadoc.noarch                    0.1.6-3.fc26
>>>> rawhide
>>>> dnstop.x86_64                              20140915-4.fc26
>>>>  rawhide
>>>> dnstracer.x86_64                           1.9-16.fc27
>>>>  rawhide
>>>> dnsyo.noarch                               2.0.7-3.fc26
>>>> rawhide
>>>>
>>>> dnssec-tools look interesting but when I try to install those I get
>>>> errors.
>>>>
>>>> [root@dc1 ~]# dnf install dnssec-*
>>>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017 05:51:50
>>>> AM MDT.
>>>> Error:
>>>>  Problem 1: conflicting requests
>>>>   - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by
>>>> dnssec-tools-2.2-3.fc25.x86_64
>>>>  Problem 2: conflicting requests
>>>>   - nothing provides libperl.so.5.24()(64bit) needed by
>>>> dnssec-tools-perlmods-2.2-3.fc25.x86_64
>>>>
>>>> I'll have to go plead with the package maintainer. Although I'm not
>>>> sure even if I install those if that is really what it is complaining about.
>>>> I wonder what tool the samba-tool uses. I'll have to go try and see if
>>>> I can figure it out so I know what it is I really need.
>>>>
>>>> nothing interesting listing in lippam*
>>>> I installed a lot of pam* that looks like what I might need. I have
>>>> pam_krb5
>>>>
>>>>
>>>> >
>>>>> > I've tried without named running and with it running and get the same
>>>>> > error. Mayke something missing in the python scripts building the dns
>>>>> > file.
>>>>> >
>>>>>
>>>>> I just install Bind9, configure it, but do not start it. I then
>>>>> provision Samba. I then start Bind9 followed by Samba and it just
>>>>> works. Perhaps there is something wrong in your bind conf files ?
>>>>>
>>>>>
>>>> If i do a query against the local dns I get a return so it looks like
>>>> when running it works fine.
>>>>
>>>> my named.conf looks like so
>>>>
>>>> options {
>>>>         listen-on port 53 { 127.0.0.1; };
>>>>         listen-on-v6 port 53 { ::1; };
>>>>         directory       "/var/named";
>>>>         dump-file       "/var/named/data/cache_dump.db";
>>>>         statistics-file "/var/named/data/named_stats.txt";
>>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>>         allow-query     { localhost; };
>>>>         recursion yes;
>>>>         dnssec-enable yes;
>>>>         dnssec-validation yes;
>>>>         managed-keys-directory "/var/named/dynamic";
>>>>         pid-file "/run/named/named.pid";
>>>>         session-keyfile "/run/named/session.key";
>>>>         include "/etc/crypto-policies/back-ends/bind.config";
>>>> };
>>>> logging {
>>>>         channel default_debug {
>>>>                 file "data/named.run";
>>>>                 severity dynamic;
>>>>         };
>>>> };
>>>> zone "." IN {
>>>>         type hint;
>>>>         file "named.ca";
>>>> };
>>>> include "/etc/named.rfc1912.zones";
>>>> include "/etc/named.root.key";
>>>>
>>>> /etc/crypto-policies/back-ends/bind.config looks like
>>>>
>>>> disable-algorithms "." {
>>>> RSAMD5;
>>>> };
>>>> disable-ds-digests "." {
>>>> GOST;
>>>> };
>>>>
>>>>
>>>>
>>>>> Rowland
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>
>>>>
>>>>
>>>
>>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
dnf install tdb-tools and wala it finishes as expected. :-)



On Mon, Jul 10, 2017 at 10:58 AM, Jeff Sadowski <[hidden email]>
wrote:

> OK so I don't have a program tdbbackup. Where do I get it?
>
> On Mon, Jul 10, 2017 at 10:38 AM, Jeff Sadowski <[hidden email]>
> wrote:
>
>>
>>
>> On Mon, Jul 10, 2017 at 9:45 AM, Jeff Sadowski <[hidden email]>
>> wrote:
>>
>>> In /usr/lib64/python2.7/site-packages/samba/provision/sambadns.py
>>>
>>> Update: It is failing in create_samdb_copy specifically here:
>>>
>>>     # Copy root, config, schema partitions (and any other if any)
>>>     # Since samdb is open in the current process, copy them in a child
>>> process
>>>     try:
>>>         tdb_copy(os.path.join(private_dir, "sam.ldb"),
>>>                  os.path.join(dns_dir, "sam.ldb"))
>>>         for nc in partfile:
>>>             pfile = partfile[nc]
>>>             tdb_copy(os.path.join(private_dir, pfile),
>>>                      os.path.join(dns_dir, pfile))
>>>
>>> Let me try and figure out what his is doing and I'll write some prints
>>> to find out what the culprit is.
>>>
>>
>> I printed out os.path.join(private_dir, "sam.ldb")
>> and os.path.join(dns_dir, "sam.ldb") they both look fine.
>>
>> From: /var/lib/samba/private/sam.ldb
>> To: /var/lib/samba/private/dns/sam.ldb
>>
>> I put a print statement under tdb_copy that is not reached so the problem
>> is there.
>> Now to go find tdb_copy and see what it is complaining about.
>>
>> I see the line
>>
>> from samba.tdb_util import tdb_copy
>>
>> So I'm off to find that function and to see what it is complaining about.
>>
>>
>>
>>>
>>>
>>> On Mon, Jul 10, 2017 at 9:17 AM, Jeff Sadowski <[hidden email]>
>>> wrote:
>>>
>>>> I found the file /usr/lib64/python2.7/site
>>>> -packages/samba/provision/sambadns.py
>>>> I was looking through it and seemed to come across the area where I am
>>>> having problems.
>>>>
>>>> In the create_dns_dir function
>>>>
>>>> I wanted to see what paths.dns had and what dns_dir where getting set
>>>> to.
>>>>
>>>> so I did a simple print and found
>>>>
>>>> paths.dir is set to /var/lib/samba/private/dns/
>>>> fedora.methanemaker.mooo.com.zone
>>>> and
>>>> dns_dir is set to /var/lib/samba/private/dns
>>>>
>>>> next I check those directories
>>>>
>>>> [root@dc1 ~]# ls -l /var/lib/samba/private/dns/fed
>>>> ora.methanemaker.mooo.com.zone
>>>> ls: cannot access '/var/lib/samba/private/dns/fe
>>>> dora.methanemaker.mooo.com.zone': No such file or directory
>>>> [root@dc1 ~]# mkdir -p /var/lib/samba/private/dns/fed
>>>> ora.methanemaker.mooo.com.zone
>>>>
>>>> it looks like samba-tool removes that directory
>>>>
>>>> I'll keep looking for the culprit in that function.
>>>>
>>>>
>>>>
>>>>
>>>> On Mon, Jul 10, 2017 at 8:50 AM, Jeff Sadowski <[hidden email]
>>>> > wrote:
>>>>
>>>>>
>>>>> On Mon, Jul 10, 2017 at 8:02 AM, Rowland Penny via samba <
>>>>> [hidden email]> wrote:
>>>>>
>>>>>> On Mon, 10 Jul 2017 06:43:37 -0600
>>>>>> Jeff Sadowski <[hidden email]> wrote:
>>>>>>
>>>>>> > Bind-9.11 is installed. How do you configure it? Does it need
>>>>>> anything
>>>>>> > special in the config for samba to build the ...samba.../named.conf
>>>>>> > file that I should be able to include in my /etc/named.conf
>>>>>> > afterwards?
>>>>>>
>>>>>> With Fedora being a bit 'bleeding edge', I just wondered if they had
>>>>>> started using Bind10, but 9.11 should be okay, Samba knows all about
>>>>>> that version ;-)
>>>>>>
>>>>>> >
>>>>>> >  My guess is that some directory is missing. But if I start fresh
>>>>>> and
>>>>>> > configure samba with the internal dns it gets all the way through
>>>>>> it's
>>>>>> > configuration with no errors.
>>>>>>
>>>>>> Not sure, all I can tell you is what packages I install when creating
>>>>>> a
>>>>>> DC on Devuan:
>>>>>>
>>>>>> samba acl attr quota fam winbind libpam-winbind libpam-krb5
>>>>>> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools bind9
>>>>>> bind9utils
>>>>>>
>>>>>> of course fedora would have all different package names.
>>>>> I avoided installing bind-chroot and  bind-sdb-chroot.x86_64 as the
>>>>> bind dlz  info on samba
>>>>> said not to chroot bind I'm not sure what bind99 libs are but I
>>>>> installed all other bind
>>>>> packages listed with "dnf list bind*"
>>>>>
>>>>> [root@dc1 ~]# dnf list dns* |grep -v i686
>>>>> Last metadata expiration check: 2:40:26 ago on Mon 10 Jul 2017
>>>>> 05:51:50 AM MDT.
>>>>> Installed Packages
>>>>> dnsjava.noarch                             2.1.3-12.fc26
>>>>>  @rawhide
>>>>> Available Packages
>>>>> dnscap.x86_64                              141-11.fc26
>>>>>  rawhide
>>>>> dnscrypt-proxy.x86_64                      1.9.0-2.fc26
>>>>>   rawhide
>>>>> dnscrypt-proxy-gui.x86_64                  1.11.10-1.fc27
>>>>>   rawhide
>>>>> dnsdist.x86_64                             1.1.0-6.fc27
>>>>>   rawhide
>>>>> dnsenum.noarch                             1.2.4.2-7.fc27
>>>>>   rawhide
>>>>> dnsjava-javadoc.noarch                     2.1.3-12.fc26
>>>>>  rawhide
>>>>> dnsmap.x86_64                              0.30-11.fc26
>>>>>   rawhide
>>>>> dnsmasq.x86_64                             2.77-3.fc27
>>>>>  rawhide
>>>>> dnsmasq-utils.x86_64                       2.77-3.fc27
>>>>>  rawhide
>>>>> dnsperf.x86_64                             2.1.0.0-7.fc27
>>>>>   rawhide
>>>>> dnssec-check.x86_64                        2.1-7.fc26
>>>>>   rawhide
>>>>> dnssec-nodes.x86_64                        2.1-6.fc26
>>>>>   rawhide
>>>>> dnssec-system-tray.x86_64                  2.1-6.fc26
>>>>>   rawhide
>>>>> dnssec-tools.x86_64                        2.2-3.fc25
>>>>>   rawhide
>>>>> dnssec-tools-libs.x86_64                   2.2-3.fc25
>>>>>   rawhide
>>>>> dnssec-tools-libs-devel.x86_64             2.2-3.fc25
>>>>>   rawhide
>>>>> dnssec-tools-perlmods.x86_64               2.2-3.fc25
>>>>>   rawhide
>>>>> dnssec-trigger.x86_64                      0.13-3.fc27
>>>>>  rawhide
>>>>> dnssec-trigger-panel.x86_64                0.13-3.fc27
>>>>>  rawhide
>>>>> dnssec4j.noarch                            0.1.6-3.fc26
>>>>>   rawhide
>>>>> dnssec4j-javadoc.noarch                    0.1.6-3.fc26
>>>>>   rawhide
>>>>> dnstop.x86_64                              20140915-4.fc26
>>>>>  rawhide
>>>>> dnstracer.x86_64                           1.9-16.fc27
>>>>>  rawhide
>>>>> dnsyo.noarch                               2.0.7-3.fc26
>>>>>   rawhide
>>>>>
>>>>> dnssec-tools look interesting but when I try to install those I get
>>>>> errors.
>>>>>
>>>>> [root@dc1 ~]# dnf install dnssec-*
>>>>> Last metadata expiration check: 2:41:47 ago on Mon 10 Jul 2017
>>>>> 05:51:50 AM MDT.
>>>>> Error:
>>>>>  Problem 1: conflicting requests
>>>>>   - nothing provides perl(:MODULE_COMPAT_5.24.0) needed by
>>>>> dnssec-tools-2.2-3.fc25.x86_64
>>>>>  Problem 2: conflicting requests
>>>>>   - nothing provides libperl.so.5.24()(64bit) needed by
>>>>> dnssec-tools-perlmods-2.2-3.fc25.x86_64
>>>>>
>>>>> I'll have to go plead with the package maintainer. Although I'm not
>>>>> sure even if I install those if that is really what it is complaining about.
>>>>> I wonder what tool the samba-tool uses. I'll have to go try and see if
>>>>> I can figure it out so I know what it is I really need.
>>>>>
>>>>> nothing interesting listing in lippam*
>>>>> I installed a lot of pam* that looks like what I might need. I have
>>>>> pam_krb5
>>>>>
>>>>>
>>>>> >
>>>>>> > I've tried without named running and with it running and get the
>>>>>> same
>>>>>> > error. Mayke something missing in the python scripts building the
>>>>>> dns
>>>>>> > file.
>>>>>> >
>>>>>>
>>>>>> I just install Bind9, configure it, but do not start it. I then
>>>>>> provision Samba. I then start Bind9 followed by Samba and it just
>>>>>> works. Perhaps there is something wrong in your bind conf files ?
>>>>>>
>>>>>>
>>>>> If i do a query against the local dns I get a return so it looks like
>>>>> when running it works fine.
>>>>>
>>>>> my named.conf looks like so
>>>>>
>>>>> options {
>>>>>         listen-on port 53 { 127.0.0.1; };
>>>>>         listen-on-v6 port 53 { ::1; };
>>>>>         directory       "/var/named";
>>>>>         dump-file       "/var/named/data/cache_dump.db";
>>>>>         statistics-file "/var/named/data/named_stats.txt";
>>>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>>>         allow-query     { localhost; };
>>>>>         recursion yes;
>>>>>         dnssec-enable yes;
>>>>>         dnssec-validation yes;
>>>>>         managed-keys-directory "/var/named/dynamic";
>>>>>         pid-file "/run/named/named.pid";
>>>>>         session-keyfile "/run/named/session.key";
>>>>>         include "/etc/crypto-policies/back-ends/bind.config";
>>>>> };
>>>>> logging {
>>>>>         channel default_debug {
>>>>>                 file "data/named.run";
>>>>>                 severity dynamic;
>>>>>         };
>>>>> };
>>>>> zone "." IN {
>>>>>         type hint;
>>>>>         file "named.ca";
>>>>> };
>>>>> include "/etc/named.rfc1912.zones";
>>>>> include "/etc/named.root.key";
>>>>>
>>>>> /etc/crypto-policies/back-ends/bind.config looks like
>>>>>
>>>>> disable-algorithms "." {
>>>>> RSAMD5;
>>>>> };
>>>>> disable-ds-digests "." {
>>>>> GOST;
>>>>> };
>>>>>
>>>>>
>>>>>
>>>>>> Rowland
>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
On Mon, 10 Jul 2017 11:01:32 -0600
Jeff Sadowski <[hidden email]> wrote:

> dnf install tdb-tools and wala it finishes as expected. :-)
>

On Debian, tdb-tools gets installed automatically, this is probably
because you have been able to create an AD DC since Samba 4 came out.

But good catch, glad you got it to work ;-)

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: using samba with bind dlz

Samba - General mailing list
I'll need to submit a patch so that tdb_copy comes back with a more
meaningful error.
Something like:

    if not os.path.exists(toolpath):
        raise Exception("Error I could not find tdbbackup")

for files
/usr/lib64/python2.7/site-packages/samba/tdb_util.py
and
/usr/lib64/python3.6/site-packages/samba/tdb_util.py
and since the are the same
diff /usr/lib64/python2.7/site-packages/samba/tdb_util.py
/usr/lib64/python2.7/site-packages/samba/tdb_util.py
comes back empty I wonder why there are two versions. Maybe they could have
a better scheme for python versions and have some code that lives in a
place that isn't version specific.


On Mon, Jul 10, 2017 at 11:12 AM, Rowland Penny via samba <
[hidden email]> wrote:

> On Mon, 10 Jul 2017 11:01:32 -0600
> Jeff Sadowski <[hidden email]> wrote:
>
> > dnf install tdb-tools and wala it finishes as expected. :-)
> >
>
> On Debian, tdb-tools gets installed automatically, this is probably
> because you have been able to create an AD DC since Samba 4 came out.
>
> But good catch, glad you got it to work ;-)
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...