Re: [Samba] samba 4 named. dlz_bind9.so not found

[steve]

Hi Marcel

re: host -t A samba.hh3.site
I think I've understood it now.

I took that line from the samba wiki: 'In the following examples we will 
assume your DNS domain name is 'samdom.example.com' and your short (also 
known as NT4) domain name is 'samdom'. We will assume that your Samba 
servers hostname is samba.'

In my case, my dns domain name is hh3.site, short NT4 name is HH1 and my 
samba servers hostname is hh3.

so in my case I think that line should have been:

 host -t A hh3.hh3.site
hh3.hh3.site has address 192.168.1.3

which works of course. (Duh. Sunday is usually an non working day for me!)

Using your samba only method also works:

samba-tool  dns query 192.168.1.3 hh3.site hh3 A -U administrator
Password for [HH1\administrator]:
  Name=, Records=1, Children=0
    A: 192.168.1.3 (flags=f0, serial=1, ttl=900)

I can now logon and create folders using smbclient. But I can't create 
new fils nor folders using konq or dolphin. Samba 4 does not ask me for 
a username nor password and tells me 'access denied' when trying. I have 
this open on another thread.

The other thing I can't figure out is how a linux client would use the 
AD user information to be able to authenticate.

Thanks for your patience.
Steve.





On 04/12/11 20:44, Marcel Ritter wrote:
Hi Steve,

as 2 of the 3 queries did succeed, are you sure the hostname
of your dc was correctly detected during provision?

Does "hostname -f" return "samba.hh3.site"?

You may also try samba-tool / ldbsearch to get info about
the DNS entries stored by samba.
(Please replace 192.168.1.6 with the IP of your samba4 dc.)

The following command will try to do a dns lookup using
samba only (no bind) for "samba.hh3.site":

/opt/samba4/bin/samba-tool  dns query 192.168.1.6 hh3.site samba A -U 
Administrator%password

You may also try to list entries via ldbsearch (change path to your sam.ldb.d):

/opt/samba4/bin/ldbsearch  -H 
/opt/samba4/var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=HH3\,DC\=SITE.ldb
 -b dc=domaindnszones,dc=hh3,dc=site name


Hope this helps,
    Marcel

________________________________________
Von: samba-boun...@lists.samba.org [samba-boun...@lists.samba.org]" im Auftrag 
von"steve [st...@steve-ss.com]
Gesendet: Sonntag, 4. Dezember 2011 17:17
Bis: samba@lists.samba.org
Betreff: Re: [Samba] samba 4 named. dlz_bind9.so not found

On 04/12/11 14:19, Marcel Ritter wrote:
Hi Steve,

it's quite likely, that bind running in chroot is the cause of
the problem. You can easily test it by disabling chroot for
named on SuSE systems by editing /etc/sysconfig/named

NAMED_RUN_CHROOTED="no"

If the problem is still there, try running named using strace,
and have a look at all stat()/open() calls concerning dlz_bind9.so.

This should give some hints about missing files/permissions and
may help to narrow down the problem.

Bye,
     Marcel

Hi Marcel

Progress.

Removing the jail worked and named starts. It's getting better. Now I
have this:

hh3:/home/steve # host -t SRV _ldap._tcp.hh3.site.
_ldap._tcp.hh3.site has SRV record 0 100 389 hh3.hh3.site.
hh3:/home/steve # host -t SRV _kerberos._udp.hh3.site.
_kerberos._udp.hh3.site has SRV record 0 100 88 hh3.hh3.site.
hh3:/home/steve # host -t A samba.hh3.site
Host samba.hh3.site not found: 3(NXDOMAIN)

2 successes and a 1 failure.

(hh3.site is the fqdn)

The logs give this:

Dec  4 17:04:27 hh3 named[3383]: couldn't add command channel ::1#953:
address not available
Dec  4 17:04:27 hh3 named[3383]: zone 0.0.127.in-addr.arpa/IN: loaded
serial 42
Dec  4 17:04:27 hh3 named[3383]: zone
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 42
Dec  4 17:04:27 hh3 named[3383]: zone localhost/IN: loaded serial 42
Dec  4 17:04:27 hh3 named[3383]: managed-keys-zone ./IN: loading from
master file managed-keys.bind failed: file not found
Dec  4 17:04:27 hh3 named[3383]: managed-keys-zone ./IN: loaded serial 0
Dec  4 17:04:27 hh3 named[3356]: Starting name server BIND ..done
Dec  4 17:04:27 hh3 named[3383]: running

Am trying hard to keep calm! I asked about the managed-keys-zone on the
openSUSE list a few days ago, but nothing.
Any ideas where to turn next?
Cheers
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba