Web lists-archives.com

Re: [Samba] Issues with bind9 dlz




On Sun, 5 May 2019 23:27:26 +1000
Rob Thoman <emailthomasrob@xxxxxxxxx> wrote:

> Hi Rowland,
> The samba-tool dns zonelist 127.0.0.1 -U Administrator%xxxxxxxxxx |
> grep 'pszZoneName', gives
> 
> Using binding ncacn_ip_tcp:127.0.0.1[,sign]
> Mapped to DCERPC endpoint 135
> added interface eth0 ip=192.168.117.10 bcast=192.168.14.255
> netmask=255.255.255.0
> added interface eth0 ip=192.168.117.10 bcast=192.168.14.255
> netmask=255.255.255.0
> Mapped to DCERPC endpoint 1024
> added interface eth0 ip=192.168.117.10 bcast=192.168.14.255
> netmask=255.255.255.0
> added interface eth0 ip=192.168.117.10 bcast=192.168.14.255
> netmask=255.255.255.0
> Cannot do GSSAPI to an IP address
> Failed to start GENSEC client mech gssapi_krb5:
> NT_STATUS_INVALID_PARAMETER

You can ignore the above, it is an artefact of having 'log level = 4'
set
 
> 
> pszZoneName                 : intdom.group
> pszZoneName                 : _msdcs.intdom.group

You do not have a reverse zone.

> 
> I went through the
> https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration
> bit and setup the selinux and apparmor exceptions, restarting the
> apparmor. I hadn't noticed but am seeing an rndc issue
> 
> 
> May 05 13:19:20 dozer5-new named[17817]: dlz_dlopen of 'AD DNS Zone'
> failed May 05 13:19:20 dozer5-new named[17817]: SDLZ driver failed to
> load. May 05 13:19:20 dozer5-new named[17817]: DLZ driver failed to
> load. May 05 13:19:20 dozer5-new named[17817]: loading configuration:
> failure May 05 13:19:20 dozer5-new named[17817]: exiting (due to
> fatal error) May 05 13:19:20 dozer5-new systemd[1]: bind9.service:
> Main process exited, code=exited, status=1/FAILURE
> May 05 13:19:20 dozer5-new rndc[17824]: rndc: connect failed:
> 127.0.0.1#953: connection refused

Have you replaced your /etc/bind/named.conf.options with one based
around mine ?

I noticed you seem to have a new name for your DC 'dozer5-new' instead
of 'server5'

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba