
Re: [Samba] Problem with named.service




Good evening!
I must tell you that I found the solution to the problem I had in relation to the service named. I installed CentOS 7.5 in a virtual machine and then I configured Samba4.
Everything worked great in the virtual machine, and then I checked the permissions of the files and folders in that virtual machine against the same files and folders on the real PC. Then I found that inside the folder /usr/local/samba/private/ most of the files had very different permissions than the files that I had just installed in the virtual machine, so I modified the files and folders to be equal to the installation in the virtual machine.
After it finished, I restarted the named service and everything worked as expected.
So in the end it was all a problem of permissions.
Thanks everyone for your help!

José Fermín Francisco Ferreras Registered User #579535 (LinuxCounter.net) 
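
The check described in the message above, comparing permissions in a freshly installed reference tree against the same paths on the production host, as an added example that is not part of the original post. The function names, the demo trees and the reference mode 640 are assumptions made for illustration; it relies on GNU find and join.

```sh
#!/bin/sh
# Added example (not from the thread): report mode/owner drift between a
# reference tree (fresh install) and the live tree. Needs GNU find and join.
TAB=$(printf '\t')

# snapshot DIR: one "relative-path<TAB>mode owner:group" line per entry.
snapshot() {
    ( cd "$1" && find . -mindepth 1 -printf '%P\t%m %u:%g\n' ) |
        LC_ALL=C sort -t "$TAB" -k1,1
}

# perm_drift REF LIVE: print every entry whose mode or owner differs, or that
# exists on one side only. Returns 0 when the trees match, 1 on drift.
perm_drift() {
    _tmp=$(mktemp -d) || return 2
    snapshot "$1" > "$_tmp/ref"
    snapshot "$2" > "$_tmp/live"
    _out=$(LC_ALL=C join -t "$TAB" -a1 -a2 -e MISSING -o 0,1.2,2.2 \
               "$_tmp/ref" "$_tmp/live" |
           awk -F '\t' '$2 != $3 {
               printf "DRIFT %s: reference=%s live=%s\n", $1, $2, $3 }')
    rm -rf "$_tmp"
    [ -z "$_out" ] && return 0
    printf '%s\n' "$_out"
    return 1
}

# Constructed demo: two throwaway trees stand in for the VM and the real host.
# File names follow the thread; the reference mode 640 is an assumed value.
demo_drift() {
    _d=$(mktemp -d) || return 2
    mkdir "$_d/ref" "$_d/live"
    for _f in dns.keytab named.conf; do
        : > "$_d/ref/$_f"; : > "$_d/live/$_f"
    done
    chmod 640 "$_d/ref/dns.keytab" "$_d/ref/named.conf" "$_d/live/named.conf"
    chmod 700 "$_d/live/dns.keytab"      # live mode as listed in the thread
    _rc=0
    perm_drift "$_d/ref" "$_d/live" || _rc=$?
    rm -rf "$_d"
    return "$_rc"
}

demo_drift || true
```

On a real host, run `perm_drift` as root with the reference copy as the first argument and /usr/local/samba/private as the second, so that entries readable only by root or named are included.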

    On Monday, June 11, 2018 1:53:53 PM AST, Fermin Francisco <abcddo@xxxxxxxxx> wrote:
 
 I forgot to say that I updated CentOS from 7.4 to 7.5, and I updated Samba4 to the new version.

This would be a problem of records or something like that.



José Fermín Francisco Ferreras Registered User #579535 (LinuxCounter.net) 

    On Monday, June 11, 2018 9:45:03 AM GMT-4, Fermin Francisco <abcddo@xxxxxxxxx> wrote:
 
 Sorry, the real e-mail is this:

[root@pc ~]# systemctl status named.service 
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-06-11 08:54:10 AST; 12min ago
  Process: 1276 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1073 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 1278 (named)
   CGroup: /system.slice/named.service
           └─1278 /usr/sbin/named -u named -c /etc/named.conf -4

Jun 11 09:06:19 pc named[1278]: samba_dlz: starting transaction on zone domain.local
Jun 11 09:06:19 pc named[1278]: client 172.20.1.95#62351: update 'domain.local/IN' denied
Jun 11 09:06:19 pc named[1278]: samba_dlz: cancelling transaction on zone domain.local
Jun 11 09:06:19 pc named[1278]: samba_dlz: starting transaction on zone domain.local
Jun 11 09:06:19 pc named[1278]: samba_dlz: disallowing update of signer=ADMISIONES1\$\@domain.LOCAL name=ADMISIONES1.domain.local ty...s rights
Jun 11 09:06:19 pc named[1278]: client 172.20.1.95#51971/key ADMISIONES1\$\@domain.LOCAL: updating zone 'domain.local/NONE': update ...REFUSED)
Jun 11 09:06:19 pc named[1278]: samba_dlz: cancelling transaction on zone domain.local
Jun 11 09:06:45 pc named[1278]: samba_dlz: starting transaction on zone domain.local
Jun 11 09:06:45 pc named[1278]: client 172.20.2.23#56645: update 'domain.local/IN' denied
Jun 11 09:06:45 pc named[1278]: samba_dlz: cancelling transaction on zone domain.local




José Fermín Francisco Ferreras Registered User #579535 (LinuxCounter.net) 

    On Monday, June 11, 2018 9:16:55 AM GMT-4, Fermin Francisco <abcddo@xxxxxxxxx> wrote:
 
 Good morning!

After I changed some permissions and owners of some files, as Rowland told me, I have the following scenario:

[root@proxy ~]# systemctl status named.service 
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-06-11 08:54:10 AST; 12min ago
  Process: 1276 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1073 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 1278 (named)
   CGroup: /system.slice/named.service
           └─1278 /usr/sbin/named -u named -c /etc/named.conf -4

Jun 11 09:06:19 proxy named[1278]: samba_dlz: starting transaction on zone gmu.local
Jun 11 09:06:19 proxy named[1278]: client 172.20.1.95#62351: update 'gmu.local/IN' denied
Jun 11 09:06:19 proxy named[1278]: samba_dlz: cancelling transaction on zone gmu.local
Jun 11 09:06:19 proxy named[1278]: samba_dlz: starting transaction on zone gmu.local
Jun 11 09:06:19 proxy named[1278]: samba_dlz: disallowing update of signer=ADMISIONES1\$\@GMU.LOCAL name=ADMISIONES1.gmu.local ty...insuficient access rights
Jun 11 09:06:19 proxy named[1278]: client 172.20.1.95#51971/key ADMISIONES1\$\@GMU.LOCAL: updating zone 'gmu.local/NONE': update ...REFUSED)
Jun 11 09:06:19 proxy named[1278]: samba_dlz: cancelling transaction on zone gmu.local
Jun 11 09:06:45 proxy named[1278]: samba_dlz: starting transaction on zone gmu.local
Jun 11 09:06:45 proxy named[1278]: client 172.20.2.23#56645: update 'gmu.local/IN' denied
Jun 11 09:06:45 proxy named[1278]: samba_dlz: cancelling transaction on zone gmu.local




 
José Fermín Francisco Ferreras Registered User #579535 (LinuxCounter.net) 

    On Saturday, June 9, 2018 7:53:21 PM GMT-4, Fermin Francisco <abcddo@xxxxxxxxx> wrote:
 
 Good afternoon!
I have been thinking that maybe it is a permissions problem.
So, here are the file permissions:

[root@pc ~]# ls -l /etc/resolv.conf

-rw-r--r--. 1 root root 78 Jun  7 17:32 /etc/resolv.conf
------------------------------------------------------------------------------
[root@pc ~]# ls -l /etc/hosts

-rw-r--r--. 1 root root 193 Dec  4  2017 /etc/hosts
------------------------------------------------------------------------------

[root@pc ~]# ls -l /etc/hostname

-rw-r--r--. 1 root root 6 Mar 15  2017 /etc/hostname
------------------------------------------------------------------------------

[root@pc ~]# ls -l /etc/krb5.conf

-rw-r--r-- 1 root named 275 Jun  7 21:14 /etc/krb5.conf
------------------------------------------------------------------------------

[root@pc ~]# ls -l /etc/named.conf

-rw-r----- 1 named named 673 Jun  9 13:00 /etc/named.conf
-----------------------------------------------------------------------------
[root@pc ~]# ls -l /usr/local/samba/etc/smb.conf

-rw-r--r--. 1 root root 481 Jun  9 07:50 /usr/local/samba/etc/smb.conf
------------------------------------------------------------------------------

[root@pc ~]# ls -l /usr/local/samba/private/named.conf

-rwx------. 1 named named 738 Jun  9 13:17 /usr/local/samba/private/named.conf
------------------------------------------------------------------------------

[root@pc ~]# ls -l /var/named/

total 7276
drwxr-x---  7 root  named     4096 Jun  6 17:01 chroot
drwxr-x---  7 root  named     4096 Jun  6 17:01 chroot_sdb
-rw-------  1 named named 59031552 Jun  9 13:17 core.2775
drwxrwx---. 2 named named     4096 Apr 12 14:48 data
-rw-------  1 named named     4619 Jun  9 16:41 _default.tsigkeys
drwxrwx---. 2 named named     4096 Jun  9 10:00 dynamic
drwxrwx---. 2 root  named     4096 Aug 23  2017 dyndb-ldap
-rw-r-----  1 root  named     2281 May 22  2017 named.ca
-rw-r-----  1 root  named      152 Dec 15  2009 named.empty
-rw-r-----  1 root  named      152 Jun 21  2007 named.localhost
-rw-r-----  1 root  named      168 Dec 15  2009 named.loopback
drwxrwx---  2 named named     4096 Apr 12 14:48 slaves
-rw-------  1 named named        0 Jun  6 16:53 tmp-NCmwqgdbNj
-rw-------  1 named named        0 Jun  6 14:29 tmp-zUOntofvPk
------------------------------------------------------------------------------


[root@pc ~]# ls -l /etc/sysconfig/selinux

lrwxrwxrwx. 1 root root 17 Mar 15  2017 /etc/sysconfig/selinux -> ../selinux/config
------------------------------------------------------------------------------


[root@pc ~]# ls -l /etc/init.d/samba4

-rwxr-xr-x. 1 root root 1150 Mar 15  2017 /etc/init.d/samba4
------------------------------------------------------------------------------


[root@pc ~]# ls -l /usr/local/samba/private/dns.keytab

-rwx------. 1 root named 707 Mar 15  2017 /usr/local/samba/private/dns.keytab
------------------------------------------------------------------------------



José Fermín Francisco Ferreras Registered User #579535 (LinuxCounter.net)



    On Saturday, June 9, 2018 7:13:24 PM AST, Fermin Francisco <abcddo@xxxxxxxxx> wrote:
 
 Good afternoon!
I have been thinking that maybe it is a permissions problem.
So, here are the file permissions:

[root@pc ~]# ls -l /etc/resolv.conf
-rw-r--r--. 1 root root 78 Jun  7 17:32 /etc/resolv.conf
------------------------------------------------------------------------------
[root@pc ~]# ls -l /etc/hosts
-rw-r--r--. 1 root root 193 Dec  4  2017 /etc/hosts
------------------------------------------------------------------------------

[root@pc ~]# ls -l /etc/hostname
-rw-r--r--. 1 root root 6 Mar 15  2017 /etc/hostname
------------------------------------------------------------------------------

[root@pc ~]# ls -l /etc/krb5.conf
-rw-r--r-- 1 root named 275 Jun  7 21:14 /etc/krb5.conf
------------------------------------------------------------------------------

[root@pc ~]# ls -l /etc/named.conf
-rw-r----- 1 named named 673 Jun  9 13:00 /etc/named.conf
[root@pc ~]# ls -l /usr/local/samba/etc/smb.conf
-rw-r--r--. 1 root root 481 Jun  9 07:50 /usr/local/samba/etc/smb.conf
------------------------------------------------------------------------------

[root@pc ~]# ls -l /usr/local/samba/private/named.conf
-rwx------. 1 named named 738 Jun  9 13:17 /usr/local/samba/private/named.conf
------------------------------------------------------------------------------

[root@pc ~]# ls -l /var/named/
total 7276
drwxr-x---  7 root  named     4096 Jun  6 17:01 chroot
drwxr-x---  7 root  named     4096 Jun  6 17:01 chroot_sdb
-rw-------  1 named named 59031552 Jun  9 13:17 core.2775
drwxrwx---. 2 named named     4096 Apr 12 14:48 data
-rw-------  1 named named     4619 Jun  9 16:41 _default.tsigkeys
drwxrwx---. 2 named named     4096 Jun  9 10:00 dynamic
drwxrwx---. 2 root  named     4096 Aug 23  2017 dyndb-ldap
-rw-r-----  1 root  named     2281 May 22  2017 named.ca
-rw-r-----  1 root  named      152 Dec 15  2009 named.empty
-rw-r-----  1 root  named      152 Jun 21  2007 named.localhost
-rw-r-----  1 root  named      168 Dec 15  2009 named.loopback
drwxrwx---  2 named named     4096 Apr 12 14:48 slaves
-rw-------  1 named named        0 Jun  6 16:53 tmp-NCmwqgdbNj
-rw-------  1 named named        0 Jun  6 14:29 tmp-zUOntofvPk
------------------------------------------------------------------------------


[root@pc ~]# ls -l /etc/sysconfig/selinux
lrwxrwxrwx. 1 root root 17 Mar 15  2017 /etc/sysconfig/selinux -> ../selinux/config
------------------------------------------------------------------------------


[root@pc ~]# ls -l /etc/init.d/samba4
-rwxr-xr-x. 1 root root 1150 Mar 15  2017 /etc/init.d/samba4
------------------------------------------------------------------------------


[root@pc ~]# ls -l /usr/local/samba/private/dns.keytab
-rwx------. 1 root named 707 Mar 15  2017 /usr/local/samba/private/dns.keytab
------------------------------------------------------------------------------



José Fermín Francisco Ferreras Registered User #579535 (LinuxCounter.net) 

    On Saturday, June 9, 2018 2:15:50 PM AST, Dr. Hansjörg Maurer <hansjoerg.maurer@xxxxxxx> wrote:
 
 Hi

can you post your /etc/krb5.conf

Regards


Hansjörg




-- 
Dr. Hansjörg Maurer
itsystems Deutschland AG
Erzgießereistr. 22
80335 München
Tel:  +49-89-52 04 68-41
Fax:  +49-89-52 04 68-59
E-Mail: hansjoerg.maurer@xxxxxxx
Web:    http://www.itsd.de


Munich District Court HRB 132146
VAT ID No. DE 812991301
Tax No. 143/100/81575

Chairman of the Supervisory Board:
Stefan Adam
Executive Board:
Dr. Michael Krocka
Dr. Hansjörg Maurer



----------------------------
Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer@xxxxxxx.

            