[Bug 1670450] Re: samba4 bind dlz module stops working on rndc reload
Stéphane Berthelot
sberthelot at emisfr.com
Tue Mar 7 11:49:52 UTC 2017
Hello and thanks for taking time to look at this bug.
I have just set up a VM to test this and upgraded to zesty; all of
xenial, yakkety AND zesty behave the same and present this bug.
To test it quickly if you need to reproduce, I have only set up an AD
with "samba-tool domain provision", adjusted the named configuration
(include the samba-generated files for named) and then do a
"rndc zonestatus ad.dns.zone", a "rndc reload", and again a
"rndc zonestatus ad.dns.zone".
On zesty I also had an apparmor permission denied on start because named
couldn't file_mmap the dlz module (.so):
mars 07 12:38:51 l00p2 kernel: audit: type=1400 audit(1488886731.112:59): apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/named" name="/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so" pid=3149 comm="named" requested_mask="m" denied_mask="m" fsuid=120 ouid=0
(by adding "/usr/lib{,32,64}/**/*.so* mr," in
/etc/apparmor.d/usr.sbin.named I could start named again; maybe I should
file a different bug report)
I am adding my complete /etc/apparmor.d/usr.sbin.named if you need to
reproduce, since it also contains other lines according to the official
Samba Bind9_DLZ integration guide.
--
https://bugs.launchpad.net/bugs/1670450
Title:
samba4 bind dlz module stops working on rndc reload
Status in samba:
Unknown
Status in samba package in Ubuntu:
Triaged
Bug description:
I am encountering the exact same problem as described in this bug report.
A patch seems available and should fix the problem.
https://forge.univention.org/bugzilla/show_bug.cgi?id=39139
When reloading bind while I have samba set up as a PDC and using the BIND9_DLZ module, the zone is deleted.
Restarting named makes it work again, but that is not usable since many scripts (logrotate) use reload by default.
Issuing a simple "rndc zonestatus ad.zone" just after restart is OK, and after reload I get a "rndc: 'zonestatus' failed: not found
no matching zone 'ad.zone' in any view"
This may cause a lot of trouble for dynamic updates on somewhat
complex setups with Samba as a PDC (samba internal DNS server is
really limited...)
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: samba 2:4.3.11+dfsg-0ubuntu0.16.04.3
ProcVersionSignature: Ubuntu 4.8.0-39.42~16.04.1-generic 4.8.17
Uname: Linux 4.8.0-39-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Mon Mar 6 19:00:47 2017
InstallationDate: Installed on 2017-02-24 (10 days ago)
InstallationMedia: Ubuntu-Server 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.8)
NmbdLog:
OtherFailedConnect: Yes
SambaServerRegression: No
SmbConfIncluded: Yes
SmbLog:
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)
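Added example (not part of the original message, and not Samba or Ubuntu code): Python that parses the AppArmor denial quoted in the message, derives a rule limited to the denied path and mask, and compares what that rule covers with the "/usr/lib{,32,64}/**/*.so*" glob from the message. The function names, the unrelated sample path and the simplified glob translation (only **, * and {a,b}) are assumptions made for illustration.

```python
import re

# Audit record quoted in the message, joined onto one line.
SAMPLE = ('audit: type=1400 audit(1488886731.112:59): apparmor="DENIED" '
          'operation="file_mmap" profile="/usr/sbin/named" '
          'name="/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so" '
          'pid=3149 comm="named" requested_mask="m" denied_mask="m" '
          'fsuid=120 ouid=0')
BROAD = "/usr/lib{,32,64}/**/*.so*"  # path glob of the rule added in the message
# Constructed path, standing in for any other library on the system.
UNRELATED = "/usr/lib/x86_64-linux-gnu/example/libunrelated.so.1"

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {m[1]: m[2] if m[2] is not None else m[3]
              for m in FIELD.finditer(line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def narrow_rule(fields):
    """Profile rule granting only the denied mask on the one denied path."""
    return f'{fields["name"]} {fields["denied_mask"]},'

def glob_to_regex(glob):
    """Translate the glob subset used here (**, *, {a,b}) into a regex."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2        # crosses directory separators
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1     # stays within one path component
        elif glob[i] == "{":
            end = glob.index("}", i)
            alts = glob[i + 1:end].split(",")
            out, i = out + "(?:" + "|".join(map(re.escape, alts)) + ")", end + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out + r"\Z")

def covers(glob, path):
    """True if the rule's path glob matches the given file path."""
    return glob_to_regex(glob).match(path) is not None

if __name__ == "__main__":
    denial = parse_denial(SAMPLE)
    print("narrow rule:", narrow_rule(denial))
    for glob in (BROAD, denial["name"]):
        print(glob, "-> denied module:", covers(glob, denial["name"]),
              "| unrelated library:", covers(glob, UNRELATED))
```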