Date:      Sat, 9 May 2020 14:59:51 -0400
From:      "James B. Byrne" <>
To:        "Andrea Venturoli" <>
Subject:   Re: samba4-3 issue
Message-ID:  <>
In-Reply-To: <>
References:  <> <>


On Sat, May 9, 2020 13:10, Andrea Venturoli wrote:
> On 2020-05-08 22:12, James B. Byrne via freebsd-questions wrote:
>> Due to a finger fumble the samba43 pkg on a DC was deleted.
> Ugh... that's so old!
> You don't tell, anyway, whether you installed 43 again or moved to a new
> version...

I re-installed the same pkg that I had deleted from the pkg.txz file in

>> I reinstalled bind911 as that pkg was in /var/db/cache.  I also reinstalled
>> samba-nsupdate from the same source. However, neither create /usr/sbin/rndc.
> I would have been surprised, as no package/port should install any binary
> outside /usr/local. bind911 will install rndc under /usr/local/sbin.
> What's your FreeBSD version?

> Possibly /usr/sbin/rndc was there until BIND was removed from base; I
> don't remember which version made that happen.
No, I reinstalled bind911 from the pkg cache as well and it created

> (Or possibly, if you changed Samba version, that's the reason it behaves
> differently).

No, it is exactly the same samba pkg that was last updated.

>> If I soft link /usr/sbin/rndc to /usr/local/sbin/rndc
> I would suggest setting "rndc command" in smb.conf, instead.
I can do that.

>> then I get these error messages instead:
>> /usr/sbin/rndc: rndc: neither /usr/local/etc/namedb/rndc.conf nor
>> /usr/local/etc/namedb/rndc.key was found
> You don't have those files, do you?
> Try and look below /var, as sometimes BIND is installed chrooted. If now
> it's not chrooted anymore you'll either have to chroot it again (and
> AFAIR that might not be supported anymore) or move its config files into
> place.

[root@SAMBA-01 ~]# find /var -name named.conf
[root@SAMBA-01 ~]#

Nothing there.

My problem with rndc is where is samba looking for named.conf?  I can set any
arbitrary key value in rndc.conf or rndc.key but I also need to set it where it
is used by samba.  Where is that?  According to man smb4.conf the named.conf
should be found in:

Default: binddns dir = ${prefix}/bind-dns

But there is no such directory

[root@SAMBA-01 ~]# find / -name bind-dns
[root@SAMBA-01 ~]#

There is a named.conf in /usr/local/share/samba43/setup/ but that is only an
example to be appended to the actual bind named.conf.  It refers to an
environment variable called NAMED_CONF:

# For example with
# include "${NAMED_CONF}";

zone "${DNSDOMAIN}." IN {
	type master;
	file "${ZONE_FILE}";
	 * the list of principals and what they can change is created
	 * dynamically by Samba, based on the membership of the domain controllers
	 * group. The provision just creates this file as an empty file.
	include "${NAMED_CONF_UPDATE}";

	/* we need to use check-names ignore so _msdcs A records can be created */
	check-names ignore;

# The reverse zone configuration is optional.  The following example assumes a
# subnet of

zone "" in {
	type master;
	file "";
	update-policy {
		grant ${REALM_WC} wildcard * PTR;

# Note that the reverse zone file is not created during the provision process.

# The most recent BIND versions (9.8 or later) support secure GSS-TSIG
# updates.  If you are running an earlier version of BIND, or if you do not wish
# to use secure GSS-TSIG updates, you may remove the update-policy sections in
# both examples above.


>> Any help appreciated.
> Don't know if I did; HTH.

Help is help.  Thanks.


***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne      
Harte & Lyne Limited
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
