
[Samba] samba 4 named. dlz_bind9.so not found


steve

Dec 3, 2011, 6:50:01 PM
Hi everyone

openSUSE 12.1
samba Version 4.0.0alpha18-GIT-30d4484

Following the wiki instructions for Samba 4, I added

include "/usr/local/samba/private/named.conf";

to /etc/named.conf (the last line)

The logs give:

3 23:52:50 hh3 named[5743]: Loading 'AD DNS Zone' using driver dlopen
3 23:52:50 hh3 named[5743]: dlz_dlopen failed to open library
'/usr/local/samba/modules/bind9/dlz_bind9.so' -
/usr/local/samba/modules/bind. . .no such file. . .
3 23:52:50 hh3 named[5743]: dlz_dlopen of 'AD DNS Zone' failed
3 23:52:50 hh3 named[5743]: SDLZ driver failed to load.
3 23:52:50 hh3 named[5743]: DLZ driver failed to load.
3 23:52:50 hh3 named[5743]: loading configuration: failure
3 23:52:50 hh3 named[5743]: exiting (due to fatal error)
3 23:52:50 hh3 named[5689]: Starting name server BIND ..failed

The file is in the place it should be but named is chrooted and that
path is not inside the jail. If that's correct, and the wiki is to stay
the same then dlz_bind9.so should be copied to:

/var/lib/named/usr/local/samba/modules/bind9/

But if I do that, I now get another error:

Dec 4 00:26:12 hh3 named[5968]: Loading 'AD DNS Zone' using driver dlopen
Dec 4 00:26:12 hh3 named[5968]: dlz_dlopen failed to open library
'/usr/local/samba/modules/bind9/dlz_bind9.so' - libsamdb.so.0: cannot
open shared object file: No such file. . .
Dec 4 00:26:12 hh3 named[5968]: dlz_dlopen of 'AD DNS Zone' failed

Ahhgghh!

openSUSE makes it difficult to remove the chroot, which I think is the
problem. Does anyone know how I can get around this?

Thanks.
Steve.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

steve

Dec 4, 2011, 2:20:02 AM
Hi again

I reinstalled Samba 4 and bind from nothing. Following the wiki I now
get this:

with include "/usr/local/samba/private/named.conf"; in the options{}
section of /etc/named.conf, I get this:

Dec 4 08:10:43 hh3 named[5470]: Starting name server BIND
/usr/local/samba/private/named.conf:11: unknown option 'dlz'


When it is outside the options {} I get this:


Dec 4 08:12:58 hh3 named[5597]: Loading 'AD DNS Zone' using driver dlopen
Dec 4 08:12:58 hh3 named[5597]: dlz_dlopen failed to open library
'/usr/local/samba/modules/bind9/dlz_bind9.so' - libsamdb.so.0: cannot
open shared object file: No such file or directory
Dec 4 08:12:58 hh3 named[5597]: dlz_dlopen of 'AD DNS Zone' failed
Dec 4 08:12:58 hh3 named[5597]: SDLZ driver failed to load.
Dec 4 08:12:58 hh3 named[5597]: DLZ driver failed to load.
Dec 4 08:12:58 hh3 named[5597]: loading configuration: failure
Dec 4 08:12:58 hh3 named[5597]: exiting (due to fatal error)
Dec 4 08:12:58 hh3 named[5547]: Starting name server BIND ..failed
Dec 4 08:12:58 hh3 systemd[1]: named.service: control process exited,
code=exited status=1
Dec 4 08:12:58 hh3 systemd[1]: Unit named.service entered failed state.

What am I missing?
Thanks
Steve.

Marcel Ritter

Dec 4, 2011, 4:00:01 AM
Hi Steve,

the last configuration is the correct one.

However you may have to set LD_LIBRARY_PATH to the
directory containing libsamdb.so.0 (or other libraries it may complain
about during startup).

Bye,
Marcel

________________________________________
From: samba-...@lists.samba.org [samba-...@lists.samba.org] on behalf of steve [st...@steve-ss.com]
Sent: Sunday, 4 December 2011 08:16
To: sa...@lists.samba.org
Subject: Re: [Samba] samba 4 named. dlz_bind9.so not found

steve

Dec 4, 2011, 4:30:02 AM
Hi Marcel

Thanks for the confirmation. It narrows down the problem.

I can confirm:
/usr/local/samba/modules/bind9/dlz_bind9.so
is there OK.

However:
hh3:/home/steve # echo $LD_LIBRARY_PATH

hh3:/home/steve # export LD_LIBRARY_PATH=/usr/local/samba/modules/bind9/
hh3:/home/steve # echo $LD_LIBRARY_PATH
/usr/local/samba/modules/bind9/
hh3:/home/steve # rcnamed restart
redirecting to systemctl
Job failed. See system logs and 'systemctl status' for details.

And the file not found error reappears even with the library path set.

In openSUSE named runs chroot (at /var/lib/named). Could that be why it
cannot find the library at the given path? Or a combination of the jail
and the path?

Confused. Any ideas?
Cheers
Steve.


On 04/12/11 09:45, Marcel Ritter wrote:
> Hi Steve,
>
> the last configuration is the correct one.
>
> However you may have to set LD_LIBRARY_PATH to the
> directory containing libsamdb.so.0 (or other libraries it may complain
> about during startup).
>
> Bye,
> Marcel
>
> ________________________________________
> From: samba-...@lists.samba.org [samba-...@lists.samba.org] on behalf of steve [st...@steve-ss.com]

Marcel Ritter

Dec 4, 2011, 8:20:02 AM
Hi Steve,

it's quite likely, that bind running in chroot is the cause of
the problem. You can easily test it by disabling chroot for
named on SuSE systems by editing /etc/sysconfig/named

NAMED_RUN_CHROOTED="no"

If the problem is still there, try running named using strace,
and have a look at all stat()/open() calls concerning dlz_bind9.so.

This should give some hints about missing files/permissions and
may help to narrow down the problem.

Bye,
Marcel



________________________________________
From: samba-...@lists.samba.org [samba-...@lists.samba.org] on behalf of steve [st...@steve-ss.com]
Sent: Sunday, 4 December 2011 10:26

steve

Dec 4, 2011, 11:20:02 AM
On 04/12/11 14:19, Marcel Ritter wrote:
> Hi Steve,
>
> it's quite likely, that bind running in chroot is the cause of
> the problem. You can easily test it by disabling chroot for
> named on SuSE systems by editing /etc/sysconfig/named
>
> NAMED_RUN_CHROOTED="no"
>
> If the problem is still there, try running named using strace,
> and have a look at all stat()/open() calls concerning dlz_bind9.so.
>
> This should give some hints about missing files/permissions and
> may help to narrow down the problem.
>
> Bye,
> Marcel
>
Hi Marcel

Progress.

Removing the jail worked and named starts. It's getting better. Now I
have this:

hh3:/home/steve # host -t SRV _ldap._tcp.hh3.site.
_ldap._tcp.hh3.site has SRV record 0 100 389 hh3.hh3.site.
hh3:/home/steve # host -t SRV _kerberos._udp.hh3.site.
_kerberos._udp.hh3.site has SRV record 0 100 88 hh3.hh3.site.
hh3:/home/steve # host -t A samba.hh3.site
Host samba.hh3.site not found: 3(NXDOMAIN)

2 successes and 1 failure.

(hh3.site is the fqdn)

The logs give this:

Dec 4 17:04:27 hh3 named[3383]: couldn't add command channel ::1#953:
address not available
Dec 4 17:04:27 hh3 named[3383]: zone 0.0.127.in-addr.arpa/IN: loaded
serial 42
Dec 4 17:04:27 hh3 named[3383]: zone
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 42
Dec 4 17:04:27 hh3 named[3383]: zone localhost/IN: loaded serial 42
Dec 4 17:04:27 hh3 named[3383]: managed-keys-zone ./IN: loading from
master file managed-keys.bind failed: file not found
Dec 4 17:04:27 hh3 named[3383]: managed-keys-zone ./IN: loaded serial 0
Dec 4 17:04:27 hh3 named[3356]: Starting name server BIND ..done
Dec 4 17:04:27 hh3 named[3383]: running

Am trying hard to keep calm! I asked about the managed-keys-zone on the
openSUSE list a few days ago, but nothing.
Any ideas where to turn next?
Cheers
Steve

Marcel Ritter

Dec 4, 2011, 2:50:02 PM
Hi Steve,

as 2 of the 3 queries did succeed, are you sure the hostname
of your dc was correctly detected during provision?

Does "hostname -f" return "samba.hh3.site"?

You may also try samba-tool / ldbsearch to get info about
the DNS entries stored by samba.
(Please replace 192.168.1.6 with the IP of your samba4 dc.)

The following command will try to do a dns lookup using
samba only (no bind) for "samba.hh3.site":

/opt/samba4/bin/samba-tool dns query 192.168.1.6 hh3.site samba A -U Administrator%password

You may also try to list entries via ldbsearch (change path to your sam.ldb.d):

/opt/samba4/bin/ldbsearch -H /opt/samba4/var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=HH3\,DC\=SITE.ldb -b dc=domaindnszones,dc=hh3,dc=site name


Hope this helps,
Marcel

________________________________________
From: samba-...@lists.samba.org [samba-...@lists.samba.org] on behalf of steve [st...@steve-ss.com]
Sent: Sunday, 4 December 2011 17:17
To: sa...@lists.samba.org
Subject: Re: [Samba] samba 4 named. dlz_bind9.so not found

steve

Dec 5, 2011, 3:10:02 AM
Hi Marcel

re: host -t A samba.hh3.site

I think I've understood it now.

I took that line from the samba wiki: 'In the following examples we will
assume your DNS domain name is 'samdom.example.com' and your short (also
known as NT4) domain name is 'samdom'. We will assume that your Samba
servers hostname is samba.'

In my case, my dns domain name is hh3.site, short NT4 name is HH1 and my
samba server's hostname is hh3.

so in my case I think that line should have been:

host -t A hh3.hh3.site
hh3.hh3.site has address 192.168.1.3

which works of course. (Duh. Sunday is usually a non-working day for me!)

Using your samba only method also works:

samba-tool dns query 192.168.1.3 hh3.site hh3 A -U administrator
Password for [HH1\administrator]:
Name=, Records=1, Children=0
A: 192.168.1.3 (flags=f0, serial=1, ttl=900)

I can now logon and create folders using smbclient. But I can't create
new files nor folders using konq or dolphin. Samba 4 does not ask me for
a username nor password and tells me 'access denied' when trying. I have
this open on another thread.

The other thing I can't figure out is how a linux client would use the
AD user information to be able to authenticate.

Thanks for your patience.
Steve.





On 04/12/11 20:44, Marcel Ritter wrote:
> Hi Steve,
>
> as 2 of the 3 queries did succeed, are you sure the hostname
> of your dc was correctly detected during provision?
>
> Does "hostname -f" return "samba.hh3.site"?
>
> You may also try samba-tool / ldbsearch to get info about
> the DNS entries stored by samba.
> (Please replace 192.168.1.6 with the IP of your samba4 dc.)
>
> The following command will try to do a dns lookup using
> samba only (no bind) for "samba.hh3.site":
>
> /opt/samba4/bin/samba-tool dns query 192.168.1.6 hh3.site samba A -U Administrator%password
>
> You may also try to list entries via ldbsearch (change path to your sam.ldb.d):
>
> /opt/samba4/bin/ldbsearch -H /opt/samba4/var/lib/samba/private/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=HH3\,DC\=SITE.ldb -b dc=domaindnszones,dc=hh3,dc=site name
>
>
> Hope this helps,
> Marcel
>
> ________________________________________
> From: samba-...@lists.samba.org [samba-...@lists.samba.org] on behalf of steve [st...@steve-ss.com]

Adam Tauno Williams

Dec 6, 2011, 10:50:02 AM
On Sun, 2011-12-04 at 08:45 +0000, Marcel Ritter wrote:
> the last configuration is the correct one.
> However you may have to set LD_LIBRARY_PATH to the
> directory containing libsamdb.so.0 (or other libraries it may complain
> about during startup).

I'm also using bind-9.8.1 on openSUSE 12.1 x86_64 and seeing something
like the same problem.

I run bind as -
named -4 -c /etc/named.conf -g -u named -d 65535

06-Dec-2011 10:43:20.486 Loading 'AD DNS Zone' using driver dlopen
06-Dec-2011 10:43:20.486 Loading SDLZ driver.
06-Dec-2011 10:43:20.562 samba_dlz: Failed to connect
to /opt/s4/private/dns/sam.ldb
06-Dec-2011 10:43:20.563 dlz_dlopen of 'AD DNS Zone' failed
06-Dec-2011 10:43:20.563 SDLZ driver failed to load.
06-Dec-2011 10:43:20.563 DLZ driver failed to load.

Does that mean it loaded the samba_dlz driver? [I have /opt/s4/lib
in /etc/ld.so.conf.d/s4.conf, and have run /sbin/ldconfig]

The group named has rw- for /opt/s4/private/dns/sam.ldb

It doesn't seem terribly informative.

Adam Tauno Williams

Dec 6, 2011, 11:20:01 AM
On Tue, 2011-12-06 at 11:11 -0500, Adam Tauno Williams wrote:
> On Tue, 2011-12-06 at 10:47 -0500, Adam Tauno Williams wrote:
> > On Sun, 2011-12-04 at 08:45 +0000, Marcel Ritter wrote:
> > > the last configuration is the correct one.
> > > However you may have to set LD_LIBRARY_PATH to the
> > > directory containing libsamdb.so.0 (or other libraries it may complain
> > > about during startup).
> >
> > I'm also using bind-9.8.1 on openSUSE 12.1 x86_64 and seeing something
> > like the same problem.
> >
> > I run bind as -
> > named -4 -c /etc/named.conf -g -u named -d 65535
> > 06-Dec-2011 10:43:20.486 Loading 'AD DNS Zone' using driver dlopen
> > 06-Dec-2011 10:43:20.486 Loading SDLZ driver.
> > 06-Dec-2011 10:43:20.562 samba_dlz: Failed to connect
> > to /opt/s4/private/dns/sam.ldb
> > 06-Dec-2011 10:43:20.563 dlz_dlopen of 'AD DNS Zone' failed
> > 06-Dec-2011 10:43:20.563 SDLZ driver failed to load.
> > 06-Dec-2011 10:43:20.563 DLZ driver failed to load.
> > Does that mean it loaded the samba_dlz driver? [I have /opt/s4/lib
> > in /etc/ld.so.conf.d/s4.conf, and have run /sbin/ldconfig]
> > The group named has rw- for /opt/s4/private/dns/sam.ldb
> > It doesn't seem terribly informative.
>
>
> Via strace I clearly see -
> 2434 mmap(NULL, 2105528, PROT_READ|PROT_EXEC, MAP_PRIVATE|
> MAP_DENYWRITE, 9, 0) = 0x7fc8f850c000
> 2434 mprotect(0x7fc8f850e000, 2093056, PROT_NONE) = 0
> 2434 mmap(0x7fc8f870d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|
> MAP_FIXED|MAP_DENYWRITE, 9, 0x1000) = 0x7fc8f870d000
> 2434 close(9) = 0
> 2434 mprotect(0x7fc8f870d000, 4096, PROT_READ) = 0
> 2434 stat("/opt/s4/modules/ldb", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0
> 2434 stat("/opt/s4/modules/ldb", {st_mode=S_IFDIR|0755,
> st_size=4096, ...}) = 0
> 2434 stat("/opt/s4/private/dns/sam.ldb", 0x7fc9123692a0) = -1 EACCES
> (Permission denied)
> 2434 open("/opt/s4/private/dns/sam.ldb", O_RDWR|O_CREAT, 0600) = -1
> EACCES (Permission denied)
> 2434 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2202, ...})
> = 0
> after it has opened a bunch of Samba libraries and read
> from /opt/s4/etc/smb.conf
> In /etc/selinux/config I have SELINUX=disabled

It was a permissions problem. Changing the permissions -

linux-uf10:~ # chmod 777 /opt/s4/private/dns/sam.ldb
linux-uf10:~ # chmod 777 /opt/s4/private/dns
linux-uf10:~ # chmod 777 /opt/s4/private

- changed the error. :(

linux-uf10:~ # named -4 -c /etc/named.conf -g -u named

06-Dec-2011 11:14:35.735 Loading 'AD DNS Zone' using driver dlopen
ldb: module partition initialization failed : Operations error
ldb: module show_deleted initialization failed : Operations error
ldb: module extended_dn_out_ldb initialization failed : Operations error
ldb: module repl_meta_data initialization failed : Operations error
ldb: module subtree_delete initialization failed : Operations error
ldb: module schema_load initialization failed : Operations error
ldb: module operational initialization failed : Operations error
ldb: module aclread initialization failed : Operations error
ldb: module acl initialization failed : Operations error
ldb: module descriptor initialization failed : Operations error
ldb: module objectclass initialization failed : Operations error
ldb: module asq initialization failed : Operations error
ldb: module server_sort initialization failed : Operations error
ldb: module paged_results initialization failed : Operations error
ldb: module dirsync initialization failed : Operations error
ldb: module rootdse initialization failed : Operations error
ldb: module samba_dsdb initialization failed : Operations error
ldb: Unable to load modules for /opt/s4/private/dns/sam.ldb: Unable to
open tdb '/opt/s4/private/dns/sam.ldb.d/DC=MICORE,DC=US.ldb'
06-Dec-2011 11:14:35.813 samba_dlz: Failed to connect
to /opt/s4/private/dns/sam.ldb

Adam Tauno Williams

Dec 6, 2011, 11:20:02 AM
On Tue, 2011-12-06 at 10:47 -0500, Adam Tauno Williams wrote:
> On Sun, 2011-12-04 at 08:45 +0000, Marcel Ritter wrote:
> > the last configuration is the correct one.
> > However you may have to set LD_LIBRARY_PATH to the
> > directory containing libsamdb.so.0 (or other libraries it may complain
> > about during startup).
>
> I'm also using bind-9.8.1 on openSUSE 12.1 x86_64 and seeing something
> like the same problem.
>
> I run bind as -
> named -4 -c /etc/named.conf -g -u named -d 65535
> 06-Dec-2011 10:43:20.486 Loading 'AD DNS Zone' using driver dlopen
> 06-Dec-2011 10:43:20.486 Loading SDLZ driver.
> 06-Dec-2011 10:43:20.562 samba_dlz: Failed to connect
> to /opt/s4/private/dns/sam.ldb
> 06-Dec-2011 10:43:20.563 dlz_dlopen of 'AD DNS Zone' failed
> 06-Dec-2011 10:43:20.563 SDLZ driver failed to load.
> 06-Dec-2011 10:43:20.563 DLZ driver failed to load.
> Does that mean it loaded the samba_dlz driver? [I have /opt/s4/lib
> in /etc/ld.so.conf.d/s4.conf, and have run /sbin/ldconfig]
> The group named has rw- for /opt/s4/private/dns/sam.ldb
> It doesn't seem terribly informative.


Via strace I clearly see -
2434 mmap(NULL, 2105528, PROT_READ|PROT_EXEC, MAP_PRIVATE|
MAP_DENYWRITE, 9, 0) = 0x7fc8f850c000
2434 mprotect(0x7fc8f850e000, 2093056, PROT_NONE) = 0
2434 mmap(0x7fc8f870d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_FIXED|MAP_DENYWRITE, 9, 0x1000) = 0x7fc8f870d000
2434 close(9) = 0
2434 mprotect(0x7fc8f870d000, 4096, PROT_READ) = 0
2434 stat("/opt/s4/modules/ldb", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
2434 stat("/opt/s4/modules/ldb", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
2434 stat("/opt/s4/private/dns/sam.ldb", 0x7fc9123692a0) = -1 EACCES
(Permission denied)
2434 open("/opt/s4/private/dns/sam.ldb", O_RDWR|O_CREAT, 0600) = -1
EACCES (Permission denied)
2434 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2202, ...})
= 0

after it has opened a bunch of Samba libraries and read
from /opt/s4/etc/smb.conf

In /etc/selinux/config I have SELINUX=disabled



Adam Tauno Williams

Dec 6, 2011, 11:30:01 AM
strace again comes to the rescue; and makes it blindingly obvious that I
overlooked the obvious. /opt/s4/private/dns/sam.ldb is a file, there is
also a /opt/s4/private/dns/sam.ldb.d directory. Fix the permissions
there as well and bind starts...

06-Dec-2011 11:19:07.018 Loading 'AD DNS Zone' using driver dlopen
06-Dec-2011 11:19:07.303 samba_dlz: started for DN DC=micore,DC=us
06-Dec-2011 11:19:07.304 samba_dlz: starting configure
06-Dec-2011 11:19:07.307 samba_dlz: configured writeable zone
'micore.us'
06-Dec-2011 11:19:07.310 samba_dlz: configured writeable zone
'_msdcs.micore.us'
06-Dec-2011 11:19:07.312 set up managed keys zone for view _default,
file 'managed-keys.bind'

BAM!
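
Added example, not part of any post in this thread: a shell check for the situation described above, where sam.ldb was accessible to the named group but the sam.ldb.d directory beside it was not, and which also flags world-writable modes such as those left by chmod 777. The function names, the output format, the sample partition name and the policy (group needs r-x on directories and rw- on files; only the immediate parent directory is checked) are assumptions of this example, and it requires GNU stat.

```shell
#!/bin/sh
# Added example, not from the thread. Requires GNU stat (coreutils).
# Policy assumed here: the group needs r-x on directories and rw- on files,
# and nothing in the store may be world-writable.

# audit_ldb_access GROUP LDB_FILE
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ldb_access() {
    grp=$1 ldb=$2 rc=0
    # The store is the ldb file, its parent directory, the "<file>.d"
    # directory beside it, and every partition file inside that directory.
    for p in "$(dirname "$ldb")" "$ldb" "$ldb.d" "$ldb.d"/*.ldb; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        set -- $(stat -c '%a %G' "$p")      # e.g. "770 named"
        mode=$1 owner_grp=$2
        gbits=$(( mode / 10 % 10 ))         # group permission digit
        obits=$(( mode % 10 ))              # "other" permission digit
        if [ -d "$p" ]; then need=5; else need=6; fi
        if [ "$owner_grp" != "$grp" ]; then
            echo "WRONG-GROUP $p (group $owner_grp, mode $mode)"; rc=1
        elif [ $(( gbits & need )) -ne "$need" ]; then
            echo "GROUP-DENIED $p (mode $mode)"; rc=1
        fi
        if [ $(( obits & 2 )) -ne 0 ]; then
            echo "WORLD-WRITABLE $p (mode $mode)"; rc=1
        fi
    done
    return "$rc"
}

# make_demo_tree DIR
# Builds a constructed sample layout under DIR that mirrors the thread:
# the ldb file is group-accessible, the .d directory and its contents are not.
make_demo_tree() {
    mkdir -p "$1/dns/sam.ldb.d"
    : > "$1/dns/sam.ldb"
    : > "$1/dns/sam.ldb.d/DC=EXAMPLE,DC=TEST.ldb"   # constructed partition name
    chmod 770 "$1/dns"
    chmod 660 "$1/dns/sam.ldb"
    chmod 700 "$1/dns/sam.ldb.d"
    chmod 600 "$1/dns/sam.ldb.d/DC=EXAMPLE,DC=TEST.ldb"
}

# Usage on a real host (path taken from the thread, group name as used there):
#   audit_ldb_access named /opt/s4/private/dns/sam.ldb
```

Run it as root so the glob can see inside sam.ldb.d even when that directory is closed to everyone else.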

Marcel Ritter

Dec 6, 2011, 11:30:01 AM
Hi Adam,

does the group "named" also have rwx on the directory
/opt/s4/private/dns/
?

Bye,
Marcel


-----Original Message-----
From: samba-...@lists.samba.org [mailto:samba-...@lists.samba.org] on behalf of Adam Tauno Williams
Sent: Tuesday, 6 December 2011 17:11
To: sa...@lists.samba.org
Subject: [Samba] Cannot open sam.ldb [Was: dlz_bind9.so not found]