Date:      Sat, 9 May 2020 14:59:51 -0400
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        "Andrea Venturoli" <ml@netfence.it>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: samba4-3 issue
Message-ID:  <aff897cc2b04305a0280688b211008a3.squirrel@webmail.harte-lyne.ca>
In-Reply-To: <6d6ab236-d9f8-ba93-eed0-bf759d1bb9ab@netfence.it>
References:  <8434b4142984ef08622a8f4fb4eb53bc.squirrel@webmail.harte-lyne.ca> <6d6ab236-d9f8-ba93-eed0-bf759d1bb9ab@netfence.it>



On Sat, May 9, 2020 13:10, Andrea Venturoli wrote:
> On 2020-05-08 22:12, James B. Byrne via freebsd-questions wrote:
>> Due to a finger fumble the samba43 pkg on a DC was deleted.
>
> Ugh... that's so old!
> You don't tell, anyway, whether you installed 43 again or moved to a new
> version...

I re-installed the same pkg that I had deleted from the pkg.txz file in
/var/db/cache/pkg

>
>
>
>> I reinstalled bind911 as that pkg was in /var/db/cache.  I also reinstalled
>> samba-nsupdate from the same source. However, neither creates /usr/sbin/rndc.
>
> I would have been surprised, as no package/port should install any binary
> outside /usr/local. bind911 will install rndc under /usr/local/sbin.
>
> What's your FreeBSD version?
10.3

> Possibly /usr/sbin/rndc was there until BIND was removed from base; I
> don't remember which version made that happen.
No, I reinstalled bind911 from the pkg cache as well and it created
/usr/local/sbin/rndc

> (Or possibly, if you changed Samba version, that's the reason it behaves
> differently).

No, it is exactly the same samba pkg that was last updated.


>> If I soft link /usr/sbin/rndc to /usr/local/sbin/rndc
>
> I would suggest setting "rndc command" in smb.conf, instead.
I can do that.

>
>
>
>> then I get these error messages instead:
>>
>> /usr/sbin/rndc: rndc: neither /usr/local/etc/namedb/rndc.conf nor
>> /usr/local/etc/namedb/rndc.key was found
>
> You don't have those files, do you?
> Try and look below /var, as sometimes BIND is installed chrooted. If now
> it's not chrooted anymore you'll either have to chroot it again (and
> AFAIR that might not be supported anymore) or move its config files into
> place.

[root@SAMBA-01 ~]# find /var -name named.conf
[root@SAMBA-01 ~]#

Nothing there.

My problem with rndc is where is samba looking for named.conf?  I can set any
arbitrary key value in rndc.conf or rndc.key but I also need to set it where it
is used by samba.  Where is that?  According to man smb4.conf the named.conf
should be found in:

Default: binddns dir = ${prefix}/bind-dns

But there is no such directory

[root@SAMBA-01 ~]# find / -name bind-dns
[root@SAMBA-01 ~]#

There is a named.conf in /usr/local/share/samba43/setup/ but that is only an
example to be appended to the actual bind named.conf.  It refers to an
environment variable called NAMED_CONF:

#BOF
# For example with
# include "${NAMED_CONF}";

zone "${DNSDOMAIN}." IN {
	type master;
	file "${ZONE_FILE}";
	/*
	 * the list of principals and what they can change is created
	 * dynamically by Samba, based on the membership of the domain controllers
	 * group. The provision just creates this file as an empty file.
	 */
	include "${NAMED_CONF_UPDATE}";

	/* we need to use check-names ignore so _msdcs A records can be created */
	check-names ignore;
};

# The reverse zone configuration is optional.  The following example assumes a
# subnet of 192.168.123.0/24:

/*
zone "123.168.192.in-addr.arpa" in {
	type master;
	file "123.168.192.in-addr.arpa.zone";
	update-policy {
		grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;
	};
};
*/

# Note that the reverse zone file is not created during the provision process.

# The most recent BIND versions (9.8 or later) support secure GSS-TSIG
# updates.  If you are running an earlier version of BIND, or if you do not wish
# to use secure GSS-TSIG updates, you may remove the update-policy sections in
# both examples above.

#EOF

>
>
>
>> Any help appreciated.
>
> Don't know if I did; HTH.
>
>

Help is help.  Thanks.

Regards,

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



