Date: Sat, 9 May 2020 14:59:51 -0400 From: "James B. Byrne" <byrnejb@harte-lyne.ca> To: "Andrea Venturoli" <ml@netfence.it> Cc: freebsd-questions@freebsd.org Subject: Re: samba4-3 issue Message-ID: <aff897cc2b04305a0280688b211008a3.squirrel@webmail.harte-lyne.ca> In-Reply-To: <6d6ab236-d9f8-ba93-eed0-bf759d1bb9ab@netfence.it> References: <8434b4142984ef08622a8f4fb4eb53bc.squirrel@webmail.harte-lyne.ca> <6d6ab236-d9f8-ba93-eed0-bf759d1bb9ab@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, May 9, 2020 13:10, Andrea Venturoli wrote:
> On 2020-05-08 22:12, James B. Byrne via freebsd-questions wrote:
>> Due to a finger fumble the samba43 pkg on a DC was deleted.
>
> Ugh... that's so old!
> You don't tell, anyway, whether you installed 43 again or move to a new
> version...
I re-installed the same pkg that I had deleted from the pkg.txz file in
/var/db/cache/pkg
>
>
>
>> I reinstalled bind911 as that pkg was in /var/db/cache. I also reinstall
>> samba-nsupdate from the same source. However, neither create /usr/sbin/rndc.
>
> I would have been suprised, as no package/port should install any binary
> outside /usr/local. bind911 will install rndc under /usr/local/sbin.
>
> What's your FreeBSD version?
10.3
> Possibly /usr/sbin/rndc was there until BIND was removed from base; I
> don't remember which version made that happen.
No, I reinstalled bind911 from the pkg cache as well and it created
/usr/local/sbin/rndc
> (Or possibly, if you changed Samba version, that's the reason it behaves
> differently).
No, it is exactly the same samba pkg that was last updated.
>> If I soft link /usr/sbin/rndc to /usr/local/sbin/rndc
>
> I would suggest setting "rndc command" in smb.conf, instead.
I can do that.
>
>
>
>> then I get these error messages instead:
>>
>> /usr/sbin/rndc: rndc: neither /usr/local/etc/namedb/rndc.conf nor
>> /usr/local/etc/namedb/rndc.key was found
>
> You don't have those files, do you?
> Try and look below /var, as sometimes BIND is installed chrooted. If now
> it's not chrooted anymore you'll either have to chroot it again (and
> AFAIR that might not be supported anymore) or move its config files into
> place.
[root@SAMBA-01 ~]# find /var -name named.conf
[root@SAMBA-01 ~]#
Nothing there.
My problem with rndc is where is samba looking for named.conf? I can set any
arbitrary key value in rndc.conf or rndc.key but I also need to set it where it
is used by samab. Where is that? According to man smb4.conf the named.conf
should be found in:
Default: binddns dir = ${prefix}/bind-dns
But there is no such directory
[root@SAMBA-01 ~]# find / -name bind-dns
[root@SAMBA-01 ~]#
There is a named.conf in /usr/local/share/samba43/setup/ but that is only an
example to be appended to the actual bind named.conf. It refers to an
environment variable called NAMED_CONF:
#BOF
# For example with
# include "${NAMED_CONF}";
zone "${DNSDOMAIN}." IN {
type master;
file "${ZONE_FILE}";
/*
* the list of principals and what they can change is created
* dynamically by Samba, based on the membership of the domain controllers
* group. The provision just creates this file as an empty file.
*/
include "${NAMED_CONF_UPDATE}";
/* we need to use check-names ignore so _msdcs A records can be created */
check-names ignore;
};
# The reverse zone configuration is optional. The following example assumes a
# subnet of 192.168.123.0/24:
/*
zone "123.168.192.in-addr.arpa" in {
type master;
file "123.168.192.in-addr.arpa.zone";
update-policy {
grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR;
};
};
*/
# Note that the reverse zone file is not created during the provision process.
# The most recent BIND versions (9.8 or later) support secure GSS-TSIG
# updates. If you are running an earlier version of BIND, or if you do not wish
# to use secure GSS-TSIG updates, you may remove the update-policy sections in
# both examples above.
#EOF
>
>
>
>> Any help appreciated.
>
> Don't know if I did; HTH.
>
>
Help is help. Thanks.
Regards,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aff897cc2b04305a0280688b211008a3.squirrel>