Re: [Samba] Bind9 AD SDLZ driver failed to load

2013-09-16 Thread Daniel Müller
This is mine, working on CentOS 6:

[root@s4master ~]# named -V
BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 built with
'--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool'
'--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic'
'--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes'
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
'--with-dlz-filesystem=yes' '--with-gssapi=/usr/include/gssapi'
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS=
-DDIG_SIGCHASE'
using OpenSSL version: OpenSSL 1.0.0 29 Mar 2010
using libxml2 version: 2.7.6

What about with-dlopen and your correct path to '--with-geoip=/usr'?

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Robert Millott
Sent: Wednesday, 11 September 2013 17:33
To: samba@lists.samba.org
Subject: [Samba] Bind9 AD SDLZ driver failed to load

I installed Bind9 on a new ubuntu 13.04 server using

apt-get install bind9

and am trying to integrate AD into it. Bind starts fine and will resolve my
domain and computer names, but when I add the line include
/usr/local/samba/private/named.conf
into /etc/bind/named.conf, Bind9 fails to start.  I have edited that file to
ensure the correct line is included for Bind 9.9, and I am not getting any
apparmor errors in my logs, but it will not start.
The last paste to this message is me running named -g -d 9 and you can see
where SDLZ fails to load, but no reason is given.

I see no useful errors, so don't know where to begin fixing it

Thanx for the help

Here are some of my configurations

named -V

BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared'
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
using OpenSSL version: OpenSSL 1.0.1c 10 May 2012
using libxml2 version: 2.9.0


 cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

 cat /etc/bind/named.conf.options
options {
directory "/etc/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

 forwarders {
8.8.8.8; 8.8.4.4;
 };


//
// If BIND logs error messages about the root key being expired,
// you will need to update your keys.  See https://www.isc.org/bind-keys

//
dnssec-validation auto;

auth-nxdomain yes;# conform to RFC1035
listen-on-v6 { none; };

allow-transfer {none;};
notify no;
allow-query {
xxx.xxx.xxx.xxx/24;
// other networks you want to allow to query your DNS
};
allow-recursion {
xxx.xxx.xxx.xxx/24;
//other networks you want to allow to do recursive queries
};

tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};


cat /usr/local/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should

Re: [Samba] Bind9 AD SDLZ driver failed to load

2013-09-15 Thread steve
On Wed, 2013-09-11 at 11:32 -0400, Robert Millott wrote:
> I installed Bind9 on a new ubuntu 13.04 server using
>
> apt-get install bind9
>
> and am trying to integrate AD into it. Bind starts fine and will resolve my
> domain and computer names, but when I add the line
> include /usr/local/samba/private/named.conf
> into /etc/bind/named.conf, Bind9 fails to start.

Hi
On Ubuntu, I think bind runs as user bind. Can bind read/get in to be
able to read the dns partition at /sam.ldb.d, /dns and dns.keytab
under /usr/local/samba/private?
HTH
Steve
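
Steve's question can be answered from the file mode bits before named is started. The script below is an added example, not part of the thread or of Samba; it assumes GNU stat and the three path names from his message under the private directory, and it ignores ACLs and AppArmor.

```shell
# Added example, not from the thread. Access is judged from owner/group/other
# mode bits only (GNU stat); ACLs, AppArmor and root's override are ignored.

# mode_bits USER PATH: print the rwx digit (0-7) that applies to USER on PATH.
mode_bits() {
    mb_info=$(stat -c '%u %g %a' "$2") || return 2
    set -- "$1" $mb_info            # now: $1=user $2=uid $3=gid $4=octal mode
    mb_mode=$((0$4))
    if [ "$(id -u "$1")" = "$2" ]; then
        echo $(( (mb_mode >> 6) & 7 ))
    elif id -G "$1" | tr ' ' '\n' | grep -qx "$3"; then
        echo $(( (mb_mode >> 3) & 7 ))
    else
        echo $(( mb_mode & 7 ))
    fi
}

# has_perm USER PATH NEED: true if every bit in NEED (4=read, 1=search) is set.
has_perm() {
    hp_bits=$(mode_bits "$1" "$2") || return 2
    [ $(( hp_bits & $3 )) -eq "$3" ]
}

# reachable USER PATH NEED: all parent directories searchable, PATH grants NEED.
reachable() {
    r_dir=$(dirname "$2")
    while :; do
        has_perm "$1" "$r_dir" 1 || { echo "DENY search: $r_dir"; return 1; }
        if [ "$r_dir" = / ] || [ "$r_dir" = . ]; then break; fi
        r_dir=$(dirname "$r_dir")
    done
    has_perm "$1" "$2" "$3" || { echo "DENY access: $2"; return 1; }
    echo "OK: $2"
}

# check_dlz_access USER PRIVATE_DIR: fails if a path named in the message is
# unreachable, or if dns.keytab (it holds a Kerberos key) is world-readable.
check_dlz_access() {
    id "$1" >/dev/null 2>&1 || { echo "unknown user: $1"; return 2; }
    cda_rc=0
    reachable "$1" "$2/sam.ldb.d" 5 || cda_rc=1
    reachable "$1" "$2/dns" 5 || cda_rc=1
    reachable "$1" "$2/dns.keytab" 4 || cda_rc=1
    cda_kt=$(stat -c '%a' "$2/dns.keytab" 2>/dev/null) || return 1
    if [ $(( 0$cda_kt & 4 )) -ne 0 ]; then
        echo "WARN world-readable: $2/dns.keytab"; cda_rc=1
    fi
    return "$cda_rc"
}
# Run as: sh check.sh bind /usr/local/samba/private
if [ "$#" -eq 2 ]; then check_dlz_access "$1" "$2"; fi
```

A DENY line names the first directory or file in the chain that blocks the service account, which is the detail the named debug output in this thread does not give.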




Re: [Samba] Bind9 AD SDLZ driver failed to load

2013-09-15 Thread Davor Vusir
You get the error: 11-Sep-2013 11:29:11.277 dlz_dlopen of 'AD DNS Zone' failed


Replace AD DNS Zone in the file
/usr/local/samba/private/named.conf;

with your dns domain.

dlz "AD DNS Zone" {..} -> dlz "example.com" {...}

and restart bind.

Regards
Davor Vusir

--
From: Robert Millott r...@millottandassociates.com
Sent: Wednesday, September 11, 2013 5:32 PM
To: samba@lists.samba.org
Subject: [Samba] Bind9 AD SDLZ driver failed to load


I installed Bind9 on a new ubuntu 13.04 server using

apt-get install bind9

and am trying to integrate AD into it. Bind starts fine and will resolve my
domain and computer names, but when I add the line
include /usr/local/samba/private/named.conf
into /etc/bind/named.conf, Bind9 fails to start.  I have edited that file
to ensure the correct line is included for Bind 9.9, and I am not getting
any apparmor errors in my logs, but it will not start.
The last paste to this message is me running named -g -d 9 and you can see
where SDLZ fails to load, but no reason is given.

I see no useful errors, so don't know where to begin fixing it

Thanx for the help

Here are some of my configurations

named -V

BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared'
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
using OpenSSL version: OpenSSL 1.0.1c 10 May 2012
using libxml2 version: 2.9.0


cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

cat /etc/bind/named.conf.options
options {
   directory "/etc/bind";

   // If there is a firewall between you and nameservers you want
   // to talk to, you may need to fix the firewall to allow multiple
   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

   // If your ISP provided one or more IP addresses for stable
   // nameservers, you probably want to use them as forwarders.
   // Uncomment the following block, and insert the addresses replacing
   // the all-0's placeholder.

forwarders {
   8.8.8.8; 8.8.4.4;
};


//
   // If BIND logs error messages about the root key being expired,
   // you will need to update your keys.  See https://www.isc.org/bind-keys

//
   dnssec-validation auto;

   auth-nxdomain yes;# conform to RFC1035
   listen-on-v6 { none; };

   allow-transfer {none;};
   notify no;
   allow-query {
   xxx.xxx.xxx.xxx/24;
   // other networks you want to allow to query your DNS
   };
   allow-recursion {
   xxx.xxx.xxx.xxx/24;
   //other networks you want to allow to do recursive queries
   };

   tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};


cat /usr/local/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
   # For BIND 9.8.0
   #database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";

   # For BIND 9.9.0
   database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
};


named -g -d 9
11-Sep-2013 11:29:11.242 starting BIND 9.9.2-P1 -g -d 9
11-Sep-2013 11:29:11.243 built with '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
'--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
'--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
11-Sep-2013 11:29:11.243

11-Sep-2013 11:29:11.243 BIND 9 is maintained by Internet Systems Consortium,
11-Sep-2013 11:29:11.243 Inc. (ISC), a non-profit 501(c)(3) public-benefit
11-Sep-2013 11:29:11.243 corporation.  Support and training for BIND 9 are
11-Sep-2013

[Samba] Bind9 AD SDLZ driver failed to load

2013-09-14 Thread Robert Millott
I installed Bind9 on a new ubuntu 13.04 server using

apt-get install bind9

and am trying to integrate AD into it. Bind starts fine and will resolve my
domain and computer names, but when I add the line
include /usr/local/samba/private/named.conf
into /etc/bind/named.conf, Bind9 fails to start.  I have edited that file
to ensure the correct line is included for Bind 9.9, and I am not getting
any apparmor errors in my logs, but it will not start.
The last paste to this message is me running named -g -d 9 and you can see
where SDLZ fails to load, but no reason is given.

I see no useful errors, so don't know where to begin fixing it

Thanx for the help

Here are some of my configurations

named -V

BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared'
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
using OpenSSL version: OpenSSL 1.0.1c 10 May 2012
using libxml2 version: 2.9.0


 cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

 cat /etc/bind/named.conf.options
options {
directory "/etc/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

 forwarders {
8.8.8.8; 8.8.4.4;
 };


//
// If BIND logs error messages about the root key being expired,
// you will need to update your keys.  See https://www.isc.org/bind-keys

//
dnssec-validation auto;

auth-nxdomain yes;# conform to RFC1035
listen-on-v6 { none; };

allow-transfer {none;};
notify no;
allow-query {
xxx.xxx.xxx.xxx/24;
// other networks you want to allow to query your DNS
};
allow-recursion {
xxx.xxx.xxx.xxx/24;
//other networks you want to allow to do recursive queries
};

tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};


cat /usr/local/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.0
#database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";

# For BIND 9.9.0
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
};


named -g -d 9
11-Sep-2013 11:29:11.242 starting BIND 9.9.2-P1 -g -d 9
11-Sep-2013 11:29:11.243 built with '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
'--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static'
'--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
11-Sep-2013 11:29:11.243

11-Sep-2013 11:29:11.243 BIND 9 is maintained by Internet Systems Consortium,
11-Sep-2013 11:29:11.243 Inc. (ISC), a non-profit 501(c)(3) public-benefit
11-Sep-2013 11:29:11.243 corporation.  Support and training for BIND 9 are
11-Sep-2013 11:29:11.243 available at https://www.isc.org/support
11-Sep-2013 11:29:11.243

11-Sep-2013 11:29:11.243 adjusted limit on open files from 4096 to 1048576
11-Sep-2013 11:29:11.243 found 2 CPUs, using 2 worker threads
11-Sep-2013 11:29:11.243 using 2 UDP listeners per interface
11-Sep-2013 11:29:11.243 using up to 4096 sockets
11-Sep-2013 11:29:11.244 Registering DLZ_dlopen driver
11-Sep-2013 11:29:11.244