Re: [Samba] dlz_bind9_9.so: failed to map segment from shared object

On 25/05/2019 21:26, Maurizio Caloro wrote:
I installed BIND9 after newly installing the Debian operating system

I take it that means it was installed before the provision ;-)

samba-tool domain provision --use-rfc2307 --realm=x.200.caloro.moolgeeks --domain=caloro.m --server-role=dc1 --dns-backend=BIND9_DLZ --adminpass=putonepasswordhere.

I take that because you have this below: zone "caloro.m"

Your dns domain is 'caloro.m', is this correct?

If it is your dns domain, your provision is incorrect: the realm should be CALORO.M and the domain should be CALORO (or anything you want, as long as it is in uppercase and doesn't contain a dot), and the '--server-role' should be 'dc', not 'dc1' (which I presume is the short hostname).

*root@X200:/etc/bind# cat named.conf*
        include "/etc/bind/named.conf.options";
        include "/etc/bind/named.conf.local";
        include "/etc/bind/named.conf.default-zones";
        include "/var/lib/samba/bind-dns/named.conf";

*root@X200:/etc/bind# cat named.conf.options*
options {
        directory "/var/cache/bind";

        forwarders {;

        dnssec-validation no;
        listen-on-v6 { any; };
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

        recursion yes;

        auth-nxdomain no;
        listen-on-v6 { any; };
        allow-transfer {; };
        acl "acl_trusted_transfer" {;

*root@X200:/etc/bind# cat named.conf.local*
// Do any local configuration here

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "caloro.m" {
        type master;
        file "/etc/bind/db.caloro";

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.calororeverse";

Sorry, but you cannot have the AD dns zones in the named.conf files, they are in AD; this is known as 'flatfiles' and you cannot use 'flatfiles'.

*root@X200:/etc/bind# cat named.conf.default-zones*
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";

*root@X200:/etc/bind# cat "/var/lib/samba/bind-dns/named.conf"*
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
# This file should be included in your main BIND configuration file
# For example with
# include "/var/lib/samba/bind-dns/named.conf";

# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
dlz "AD DNS Zone" {
    # For BIND 9.11.x
     database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so -d 3";

    # For BIND 9.12.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_12.so";

Sorry, but this is not the file created by the provision.
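
Added example, not part of the original message and not Samba's own tooling: a pre-flight check for the two problems raised in the reply above (the provision arguments, and flat-file zones in the BIND configuration that duplicate the AD DNS domain). The function names and the sample configuration are constructed; reverse zones are not examined and still need a manual look.

```shell
# Added example: function names and sample data are constructed.
# check_provision DNS_DOMAIN REALM NETBIOS_DOMAIN SERVER_ROLE
# Prints one line per problem; returns non-zero if any problem was found.
check_provision() {
    dns=$1 realm=$2 nb=$3 role=$4 rc=0
    want=$(printf '%s' "$dns" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$want" ] || { echo "realm '$realm' should be '$want'"; rc=1; }
    case $nb in
        *.*) echo "domain '$nb' must not contain a dot"; rc=1 ;;
    esac
    [ "$nb" = "$(printf '%s' "$nb" | tr '[:lower:]' '[:upper:]')" ] || { echo "domain '$nb' should be uppercase"; rc=1; }
    [ "$role" = dc ] || { echo "--server-role '$role' should be 'dc'"; rc=1; }
    return $rc
}

# flatfile_zones DNS_DOMAIN [FILE...]   (reads stdin when no file is given)
# Prints zones declared in BIND config text that are the AD DNS domain or a
# subdomain of it. Lines commented with // or # are ignored; /* */ is not parsed.
flatfile_zones() {
    dns=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
    sed -e 's://.*$::' -e 's:#.*$::' "$@" |
    awk -v d="$dns" '
        $1 == "zone" {
            z = tolower($2); gsub(/["{]/, "", z)
            n = length(z) - length(d)
            if (z == d || (n > 1 && substr(z, n) == "." d)) print z
        }'
}

# Constructed sample resembling the named.conf.local quoted in the thread.
sample_conf() {
cat <<'EOF'
//zone "old.caloro.m" {
zone "caloro.m" {
        type master;
        file "/etc/bind/db.caloro";
};
zone "1.168.192.in-addr.arpa" {
        type master;
};
EOF
}
# Demo run with the provision values quoted in the thread.
check_provision caloro.m x.200.caloro.moolgeeks caloro.m dc1 || true
sample_conf | flatfile_zones caloro.m
```
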



