Re: [Samba] Bind9 AD SDLZ driver failed to load
This is mine working on centos 6: [root@s4master ~]# named -V BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 built with '--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=/usr/include/gssapi' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= -DDIG_SIGCHASE' using OpenSSL version: OpenSSL 1.0.0 29 Mar 2010 using libxml2 version: 2.7.6 What about with-dlopen and your correct path to '--with-geoip=/usr' --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Robert Millott Gesendet: Mittwoch, 11. September 2013 17:33 An: samba@lists.samba.org Betreff: [Samba] Bind9 AD SDLZ driver failed to load I installed Bind9 on a new ubuntu 13.04 server using apt-get install bind9 and am trying to integrate AD into it. Bind starts fine and will resolve my domain and computer names, but when I add the line include /usr/local/samba/private/named.conf into /etc/bind/named.conf, Bind9 fails to start. I have edited that file to ensure the correct line is included for Bind 9.9, and I am not getting any apparmor errors in my logs, but it will not start. The last paste to this message is me running named -g -d 9 and you can see where SDLZ failes to load, but no reason is given. I see no useful errors, so don't know where to begin fixing it Thanx for the help Here is some of my configurations named -V BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' using OpenSSL version: OpenSSL 1.0.1c 10 May 2012 using libxml2 version: 2.9.0 cat /etc/bind/named.conf // This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include /etc/bind/named.conf.options; include /etc/bind/named.conf.local; include /etc/bind/named.conf.default-zones; include /usr/local/samba/private/named.conf; cat /etc/bind/named.conf.options options { directory /etc/bind; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 8.8.8.8; 8.8.4.4; }; // // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys // dnssec-validation auto; auth-nxdomain yes;# conform to RFC1035 listen-on-v6 { none; }; allow-transfer {none;}; notify no; allow-query { xxx.xxx.xxx.xxx/24; // other networks you want to allow to query your DNS }; allow-recursion { xxx.xxx.xxx.xxx/24; //other networks you want to allow to do recurrsive queries }; tkey-gssapi-keytab /usr/local/samba/private/dns.keytab; }; cat /usr/local/samba/private/named.conf # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support. # # This file should
Re: [Samba] Bind9 AD SDLZ driver failed to load
On Wed, 2013-09-11 at 11:32 -0400, Robert Millott wrote: I installed Bind9 on a new ubuntu 13.04 server using apt-get install bind9 and am trying to integrate AD into it. Bind starts fine and will resolve my domain and computer names, but when I add the line include /usr/local/samba/private/named.conf into /etc/bind/named.conf, Bind9 fails to start. Ho On Ubuntu, I think bind runs as user bind. Can bind read/get into to beable to read the dns partition at /sam.ldb.d, /dns and dns.keytab under /usr/local/samba/private? HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Bind9 AD SDLZ driver failed to load
You get the error: 11-Sep-2013 11:29:11.277 dlz_dlopen of 'AD DNS Zone' failed Replace AD DNS Zone in the file /usr/local/samba/private/named.conf; with your dns domain. dlz AD DNS Zone {..} - dlz example.com {...} and restart bind. Regards Davor Vusir -- From: Robert Millott r...@millottandassociates.com Sent: Wednesday, September 11, 2013 5:32 PM To: samba@lists.samba.org Subject: [Samba] Bind9 AD SDLZ driver failed to load I installed Bind9 on a new ubuntu 13.04 server using apt-get install bind9 and am trying to integrate AD into it. Bind starts fine and will resolve my domain and computer names, but when I add the line include /usr/local/samba/private/named.conf into /etc/bind/named.conf, Bind9 fails to start. I have edited that file to ensure the correct line is included for Bind 9.9, and I am not getting any apparmor errors in my logs, but it will not start. The last paste to this message is me running named -g -d 9 and you can see where SDLZ failes to load, but no reason is given. I see no useful errors, so don't know where to begin fixing it Thanx for the help Here is some of my configurations named -V BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' using OpenSSL version: OpenSSL 1.0.1c 10 May 2012 using libxml2 version: 2.9.0 cat /etc/bind/named.conf // This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include /etc/bind/named.conf.options; include /etc/bind/named.conf.local; include /etc/bind/named.conf.default-zones; include /usr/local/samba/private/named.conf; cat /etc/bind/named.conf.options options { directory /etc/bind; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 8.8.8.8; 8.8.4.4; }; // // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys // dnssec-validation auto; auth-nxdomain yes;# conform to RFC1035 listen-on-v6 { none; }; allow-transfer {none;}; notify no; allow-query { xxx.xxx.xxx.xxx/24; // other networks you want to allow to query your DNS }; allow-recursion { xxx.xxx.xxx.xxx/24; //other networks you want to allow to do recurrsive queries }; tkey-gssapi-keytab /usr/local/samba/private/dns.keytab; }; cat /usr/local/samba/private/named.conf # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support. # # This file should be included in your main BIND configuration file # # For example with # include /usr/local/samba/private/named.conf; # # This configures dynamically loadable zones (DLZ) from AD schema # Uncomment only single database line, depending on your BIND version # dlz AD DNS Zone { # For BIND 9.8.0 #database dlopen /usr/local/samba/lib/bind9/dlz_bind9.so; # For BIND 9.9.0 database dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so; }; named -g -d 9 11-Sep-2013 11:29:11.242 starting BIND 9.9.2-P1 -g -d 9 11-Sep-2013 11:29:11.243 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 11-Sep-2013 11:29:11.243 11-Sep-2013 11:29:11.243 BIND 9 is maintained by Internet Systems Consortium, 11-Sep-2013 11:29:11.243 Inc. (ISC), a non-profit 501(c)(3) public-benefit 11-Sep-2013 11:29:11.243 corporation. Support and training for BIND 9 are 11-Sep-2013
[Samba] Bind9 AD SDLZ driver failed to load
I installed Bind9 on a new ubuntu 13.04 server using apt-get install bind9 and am trying to integrate AD into it. Bind starts fine and will resolve my domain and computer names, but when I add the line include /usr/local/samba/private/named.conf into /etc/bind/named.conf, Bind9 fails to start. I have edited that file to ensure the correct line is included for Bind 9.9, and I am not getting any apparmor errors in my logs, but it will not start. The last paste to this message is me running named -g -d 9 and you can see where SDLZ failes to load, but no reason is given. I see no useful errors, so don't know where to begin fixing it Thanx for the help Here is some of my configurations named -V BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' using OpenSSL version: OpenSSL 1.0.1c 10 May 2012 using libxml2 version: 2.9.0 cat /etc/bind/named.conf // This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include /etc/bind/named.conf.options; include /etc/bind/named.conf.local; include /etc/bind/named.conf.default-zones; include /usr/local/samba/private/named.conf; cat /etc/bind/named.conf.options options { directory /etc/bind; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 8.8.8.8; 8.8.4.4; }; // // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys // dnssec-validation auto; auth-nxdomain yes;# conform to RFC1035 listen-on-v6 { none; }; allow-transfer {none;}; notify no; allow-query { xxx.xxx.xxx.xxx/24; // other networks you want to allow to query your DNS }; allow-recursion { xxx.xxx.xxx.xxx/24; //other networks you want to allow to do recurrsive queries }; tkey-gssapi-keytab /usr/local/samba/private/dns.keytab; }; cat /usr/local/samba/private/named.conf # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support. # # This file should be included in your main BIND configuration file # # For example with # include /usr/local/samba/private/named.conf; # # This configures dynamically loadable zones (DLZ) from AD schema # Uncomment only single database line, depending on your BIND version # dlz AD DNS Zone { # For BIND 9.8.0 #database dlopen /usr/local/samba/lib/bind9/dlz_bind9.so; # For BIND 9.9.0 database dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so; }; named -g -d 9 11-Sep-2013 11:29:11.242 starting BIND 9.9.2-P1 -g -d 9 11-Sep-2013 11:29:11.243 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 11-Sep-2013 11:29:11.243 11-Sep-2013 11:29:11.243 BIND 9 is maintained by Internet Systems Consortium, 11-Sep-2013 11:29:11.243 Inc. (ISC), a non-profit 501(c)(3) public-benefit 11-Sep-2013 11:29:11.243 corporation. Support and training for BIND 9 are 11-Sep-2013 11:29:11.243 available at https://www.isc.org/support 11-Sep-2013 11:29:11.243 11-Sep-2013 11:29:11.243 adjusted limit on open files from 4096 to 1048576 11-Sep-2013 11:29:11.243 found 2 CPUs, using 2 worker threads 11-Sep-2013 11:29:11.243 using 2 UDP listeners per interface 11-Sep-2013 11:29:11.243 using up to 4096 sockets 11-Sep-2013 11:29:11.244 Registering DLZ_dlopen driver 11-Sep-2013 11:29:11.244