From: "James B. Byrne"
To: "Andrea Venturoli"
Cc: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
Date: Sat, 9 May 2020 14:59:51 -0400
Subject: Re: samba4-3 issue

On Sat, May 9, 2020 13:10, Andrea Venturoli wrote:
> On 2020-05-08 22:12, James B. Byrne via freebsd-questions wrote:
>> Due to a finger fumble the samba43 pkg on a DC was deleted.
>
> Ugh... that's so old!
> You don't tell, anyway, whether you installed 43 again or moved to a new
> version...

I re-installed the same pkg that I had deleted from the pkg.txz file in
/var/db/cache/pkg

>> I reinstalled bind911 as that pkg was in /var/db/cache. I also reinstalled
>> samba-nsupdate from the same source. However, neither create /usr/sbin/rndc.
>
> I would have been surprised, as no package/port should install any binary
> outside /usr/local. bind911 will install rndc under /usr/local/sbin.
>
> What's your FreeBSD version?

10.3

> Possibly /usr/sbin/rndc was there until BIND was removed from base; I
> don't remember which version made that happen.

No, I reinstalled bind911 from the pkg cache as well and it created
/usr/local/sbin/rndc

> (Or possibly, if you changed Samba version, that's the reason it behaves
> differently).

No, it is exactly the same samba pkg that was last updated.

>> If I soft link /usr/sbin/rndc to /usr/local/sbin/rndc
>
> I would suggest setting "rndc command" in smb.conf, instead.

I can do that.

>> then I get these error messages instead:
>>
>> /usr/sbin/rndc: rndc: neither /usr/local/etc/namedb/rndc.conf nor
>> /usr/local/etc/namedb/rndc.key was found
>
> You don't have those files, do you?
> Try and look below /var, as sometimes BIND is installed chrooted. If now
> it's not chrooted anymore you'll either have to chroot it again (and
> AFAIR that might not be supported anymore) or move its config files into
> place.

[root@SAMBA-01 ~]# find /var -name named.conf
[root@SAMBA-01 ~]#

Nothing there.

My problem with rndc is where is samba looking for named.conf? I can set any
arbitrary key value in rndc.conf or rndc.key but I also need to set it where
it is used by samba. Where is that?

According to man smb4.conf the named.conf should be found in:

    Default: binddns dir = ${prefix}/bind-dns

But there is no such directory

[root@SAMBA-01 ~]# find / -name bind-dns
[root@SAMBA-01 ~]#

There is a named.conf in /usr/local/share/samba43/setup/ but that is only an
example to be appended to the actual bind named.conf. It refers to an
environment variable called NAMED_CONF:

#BOF
# For example with
# include "${NAMED_CONF}";

zone "${DNSDOMAIN}." IN {
    type master;
    file "${ZONE_FILE}";
    /*
     * the list of principals and what they can change is created
     * dynamically by Samba, based on the membership of the domain controllers
     * group. The provision just creates this file as an empty file.
     */
    include "${NAMED_CONF_UPDATE}";

    /* we need to use check-names ignore so _msdcs A records can be created */
    check-names ignore;
};

# The reverse zone configuration is optional. The following example assumes a
# subnet of 192.168.123.0/24:

/*
zone "123.168.192.in-addr.arpa" in {
    type master;
    file "123.168.192.in-addr.arpa.zone";
    update-policy {
        grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;
    };
};
*/

# Note that the reverse zone file is not created during the provision process.

# The most recent BIND versions (9.8 or later) support secure GSS-TSIG
# updates. If you are running an earlier version of BIND, or if you do not wish
# to use secure GSS-TSIG updates, you may remove the update-policy sections in
# both examples above.
#EOF

>> Any help appreciated.
>
> Don't know if I did; HTH.

Help is help. Thanks.

Regards,

-- 
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne            mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited      http://www.harte-lyne.ca
9 Brockley Drive          vox: +1 905 561 1241
Hamilton, Ontario         fax: +1 905 561 0757
Canada L8E 3C3