Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] RNDC errors using SAMBA_INTERNAL_DNS

325 views
Skip to first unread message

Wayne Merricks

unread,
Apr 28, 2016, 12:50:05 PM4/28/16
to
Hi all,

I've set up a simple domain using Samba 4.4.2 from source under Ubuntu
16.04.

I accepted the usual defaults and basically followed wiki.samba.org to
the letter. The main thing is I'm using Samba's internal DNS and not
Bind (Bind is not even installed on the system).

In the log.samba file on the first DC I kept getting this:

[2016/04/28 17:01:02.716292, 0]
../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/rndc: Failed to exec child - No such file or directory
[2016/04/28 17:01:02.717094, 0]
../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done)
../source4/dsdb/dns/dns_update.c:91: Failed rndc update -
NT_STATUS_UNSUCCESSFUL

I'm not sure why dns_update would want to use rndc (bind utils) but I
installed rndc just to see what it would do and now I get this error:

[2016/04/28 17:09:03.095642, 0]
../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/rndc: rndc: neither /etc/bind/rndc.conf nor
/etc/bind/rndc.key was found
[2016/04/28 17:09:03.096090, 0]
../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done)
../source4/dsdb/dns/dns_update.c:91: Failed rndc update -
NT_STATUS_ACCESS_DENIED

The error makes sense as Bind is not installed but I'm puzzled why it
wants to do this even though it is set up as Samba Internal DNS.

On the second DC I get tsig verify failure messages but the Google
consensus seems to be that these are safely ignored under Samba Internal
DNS:

[2016/04/27 17:35:00.113802, 0]
../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: tsig
verify failure
[2016/04/27 17:35:00.296862, 0]
../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: tsig
verify failure
[2016/04/27 17:35:00.316968, 0]
../source4/dsdb/dns/dns_update.c:295(dnsupdate_nameupdate_done)
../source4/dsdb/dns/dns_update.c:295: Failed DNS update -
NT_STATUS_UNSUCCESSFUL


Are either of these errors worth fixing or are they something to live
with when using Samba Internal DNS?

Regards,

Wayne

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Rowland penny

unread,
Apr 28, 2016, 1:10:03 PM4/28/16
to
Strange, I compiled 4.4.2 myself and I don't have /usr/bin/rndc but
everything is working ok, mind you, I do use Bind9.

What packages did you install before compiling Samba and what where your
./configure options ?

Rowland

lingpa...@gmail.com

unread,
Apr 28, 2016, 2:10:02 PM4/28/16
to
I use Ubuntu 12.04 with Samba 4.4.2 and do not have this issue. It's as
if Samba thinks you are using Bind. What is the output of

samba-tool testparm -v | grep |"server services ="

Is bind installed and or running on this system inadvertently? I'm
curious if switching to bind and back to the internal DNS would solve this?

'samba_upgradedns --dns-backend=BIND9_DLZ'

then

'samba_upgradedns --dns-backend=SAMBA_INTERNAL'

Shutdown Samba first.

The tsig error you can safely ignore. Secure updates last I checked
still don't work.

--
-James

Andrew Bartlett

unread,
Apr 29, 2016, 4:40:04 AM4/29/16
to
This is a leftover from a time before the internal DNS server, and even
before the BIND9_DLZ module. It is harmless, but of course should be
removed. It is of some small value to those using the BIND_FLATFILE
backend, that is when we write out a static zone at provision time and
update a list of DCs into a file (with rights to change anything), and
call rndc to reload it.

Sorry,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

Wayne Merricks

unread,
Apr 29, 2016, 6:50:04 AM4/29/16
to
Hi,

I installed the dependencies direct from the Debian/Ubuntu pre-reqs on
the samba wiki here:

https://wiki.samba.org/index.php/Operating_system_requirements/Dependencies_-_Libraries_and_programs#Debian_.2F_Ubuntu

Then just a straight forward configure with no options as per this page:

https://wiki.samba.org/index.php/Build_Samba_from_source

Everything seems to work it (joining domains, logging in etc however I
don't have dhcp set up on the DC yet) just seems odd that it is trying
to use bind components.

Regards,

Wayne

Andrew Bartlett

unread,
Apr 29, 2016, 9:00:03 PM4/29/16
to
On Fri, 2016-04-29 at 11:37 +0100, Wayne Merricks wrote:
> Hi,
>
> I installed the dependencies direct from the Debian/Ubuntu pre-reqs
> on
> the samba wiki here:
>
> https://wiki.samba.org/index.php/Operating_system_requirements/Depend
> encies_-_Libraries_and_programs#Debian_.2F_Ubuntu
>
> Then just a straight forward configure with no options as per this
> page:
>
> https://wiki.samba.org/index.php/Build_Samba_from_source
>
> Everything seems to work it (joining domains, logging in etc however
> I
> don't have dhcp set up on the DC yet) just seems odd that it is
> trying
> to use bind components.

We should probably check for in-directory DNS records and then skip
this call in that case.

You are welcome to file a bug.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba




0 new messages