
[Samba] Bind_DLZ krb errors @ startup.




Hi,

I have 2 self-compiled Samba 4 DCs running 4.7.7 on CentOS 7.5. One of them
is operating normally. On the other DC, BIND will not start. I turned up
debugging on dlz_bind as per https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Debugging_the_BIND9_DLZ_Module
When I try to start named, I get the following in the logs:

May 10 13:19:44 vdc2 named[23773]: starting BIND 9.9.4-RedHat-9.9.4-61.el7 -u named -c /etc/named.conf
May 10 13:19:44 vdc2 named[23773]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-tuning=large' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
May 10 13:19:44 vdc2 named[23773]: ----------------------------------------------------
May 10 13:19:44 vdc2 named[23773]: BIND 9 is maintained by Internet Systems Consortium,
May 10 13:19:44 vdc2 named[23773]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
May 10 13:19:44 vdc2 named[23773]: corporation.  Support and training for BIND 9 are
May 10 13:19:44 vdc2 named[23773]: available at https://www.isc.org/support
May 10 13:19:44 vdc2 named[23773]: ----------------------------------------------------
May 10 13:19:44 vdc2 named[23773]: adjusted limit on open files from 4096 to 1048576
May 10 13:19:44 vdc2 named[23773]: found 2 CPUs, using 2 worker threads
May 10 13:19:44 vdc2 named[23773]: using 2 UDP listeners per interface
May 10 13:19:44 vdc2 named[23773]: using up to 21000 sockets
May 10 13:19:44 vdc2 named[23773]: loading configuration from '/etc/named.conf'
May 10 13:19:44 vdc2 named[23773]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
May 10 13:19:44 vdc2 named[23773]: initializing GeoIP Country (IPv4) (type 1) DB
May 10 13:19:44 vdc2 named[23773]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
May 10 13:19:44 vdc2 named[23773]: initializing GeoIP Country (IPv6) (type 12) DB
May 10 13:19:44 vdc2 named[23773]: GEO-106FREE 20160607 Build 1 Copy
May 10 13:19:44 vdc2 named[23773]: GeoIP City (IPv4) (type 2) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP City (IPv4) (type 6) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP City (IPv6) (type 30) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP City (IPv6) (type 31) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP Region (type 3) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP Region (type 7) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP ISP (type 4) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP Org (type 5) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP AS (type 9) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP Domain (type 11) DB not available
May 10 13:19:44 vdc2 named[23773]: GeoIP NetSpeed (type 10) DB not available
May 10 13:19:44 vdc2 named[23773]: using default UDP/IPv4 port range: [1024, 65535]
May 10 13:19:44 vdc2 named[23773]: using default UDP/IPv6 port range: [1024, 65535]
May 10 13:19:44 vdc2 named[23773]: listening on IPv4 interface lo, 127.0.0.1#53
May 10 13:19:44 vdc2 named[23773]: listening on IPv4 interface eno16780032, 172.25.0.7#53
May 10 13:19:44 vdc2 named[23773]: generating session key for dynamic DNS
May 10 13:19:44 vdc2 named[23773]: sizing zone task pool based on 5 zones
May 10 13:19:44 vdc2 named[23773]: Loading 'AD DNS Zone' using driver dlopen
May 10 13:19:44 vdc2 named[23773]: samba_dlz: INFO: Current debug levels:
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   all: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   tdb: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   printdrivers: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   lanman: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   smb: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   rpc_parse: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   rpc_srv: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   rpc_cli: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   passdb: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   sam: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   auth: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   winbind: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   vfs: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   idmap: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   quota: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   acls: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   locking: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   msdfs: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   dmapi: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   registry: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   scavenger: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   dns: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   ldb: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   tevent: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   auth_audit: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   auth_json_audit: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   kerberos: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   drs_repl: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   smb2: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz:   smb2_credits: 10
May 10 13:19:44 vdc2 named[23773]: samba_dlz: krb5_init_context failed (Invalid argument)
May 10 13:19:44 vdc2 named[23773]: samba_dlz: smb_krb5_context_init_basic failed (Invalid argument)
May 10 13:19:44 vdc2 named[23773]: dlz_dlopen of 'AD DNS Zone' failed
May 10 13:19:44 vdc2 named[23773]: SDLZ driver failed to load.
May 10 13:19:44 vdc2 named[23773]: DLZ driver failed to load.
May 10 13:19:44 vdc2 named[23773]: loading configuration: out of memory
May 10 13:19:44 vdc2 named[23773]: exiting (due to fatal error)
May 10 13:19:44 vdc2 systemd: named.service: control process exited, code=exited status=1
May 10 13:19:44 vdc2 systemd: Unit named.service entered failed state.
May 10 13:19:44 vdc2 systemd: named.service failed

The only thing I see of significance is:
May 10 13:19:44 vdc2 named[23773]: samba_dlz: krb5_init_context failed (Invalid argument)
May 10 13:19:44 vdc2 named[23773]: samba_dlz: smb_krb5_context_init_basic failed (Invalid argument)

Both DCs use the same smb.conf and named.conf and were working fine
until this AM.

The only thing that has changed is both machines were upgraded from CentOS
7.4 to CentOS 7.5 and restarted.

Google is not helping with the above errors. Can someone point me towards what
might be causing this?

Regards,

--
Tom			me@xxxxxxxxxx