Вопросы Теги

Почему bind9 не запускается с Samba 4 AD DC? [закрыто]

Я выполнил это руководство по установке Samba 4 в качестве контроллера домена Active Directory и застрял при запуске bind9.

Вот несколько важных файлов конфигурации и журналов.

tail / var / log / syslog : 

Mar  2 23:02:11 mail named[3552]: listening on IPv4 interface eth0, 31.31.79.102#53
Mar  2 23:02:11 mail named[3552]: generating session key for dynamic DNS
Mar  2 23:02:11 mail named[3552]: sizing zone task pool based on 5 zones
Mar  2 23:02:11 mail named[3552]: Loading 'AD DNS Zone' using driver dlopen
Mar  2 23:02:11 mail named[3552]: samba_dlz: Failed to connect to /var/lib/samba/private/dns/sam.ldb
Mar  2 23:02:11 mail named[3552]: dlz_dlopen of 'AD DNS Zone' failed
Mar  2 23:02:11 mail named[3552]: SDLZ driver failed to load.
Mar  2 23:02:11 mail named[3552]: DLZ driver failed to load.
Mar  2 23:02:11 mail named[3552]: loading configuration: failure
Mar  2 23:02:11 mail named[3552]: exiting (due to fatal error)

ls -l / var / lib / samba / private / dns / : 

total 144
-rwxrwxrwx 1 root memcache 143360 Mar  2 15:25 sam.ldb
drwxrwxrwx 2 root memcache   4096 Mar  2 15:25 sam.ldb.d

cat /etc/apparmor.d/usr.sbin. с именем : 

# vim:syntax=apparmor
# Last Modified: Fri Jun  1 16:43:22 2007
#include <tunables/global>

/usr/sbin/named {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  capability sys_resource,

  # /etc/bind should be read-only for bind
  # /var/lib/bind is for dynamically updated zone (and journal) files.
  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
  # See /usr/share/doc/bind9/README.Debian.gz
  /etc/bind/** r,
  /var/lib/bind/** rw,
  /var/lib/bind/ rw,
  /var/cache/bind/** rw,
  /var/cache/bind/ rw,

  # gssapi
  /etc/krb5.keytab kr,
  /etc/bind/krb5.keytab kr,

  # ssl
  /etc/ssl/openssl.cnf r,

  # dnscvsutil package
  /var/lib/dnscvsutil/compiled/** rw,

  /proc/net/if_inet6 r,
  /proc/*/net/if_inet6 r,
  /usr/sbin/named mr,
  /{,var/}run/named/named.pid w,
  /{,var/}run/named/session.key w,
  # support for resolvconf
  /{,var/}run/named/named.options r,

  # some people like to put logs in /var/log/named/ instead of having
  # syslog do the heavy lifting.
  /var/log/named/** rw,
  /var/log/named/ rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.named>

  /var/lib/samba/private/** rkw,
  /var/lib/samba/private/dns/** rkw,
  /usr/lib/x86_64-linux-gnu/samba/bind9/** rm,
  /usr/lib/x86_64-linux-gnu/samba/gensec/** rm,
  /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/** rm,
  /usr/lib/x86_64-linux-gnu/samba/ldb/** rm,
  /usr/lib/x86_64-linux-gnu/plugin/krb5/** rm,
}

/etc/init.d/apparmor reload : 

 * Reloading AppArmor profiles
 Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
 [ OK ]

service bind9 start : 

 * Starting domain name service... bind9
 [fail]
0
задан 4 March 2013 в 12:55

2 ответа

Это каталог разрешений sam.ldb: 

chown named:named /usr/local/samba/private/dns
0
ответ дан 4 March 2013 в 12:55

Произошла плохая установка. Когда я переустановил, все началось правильно.

0
ответ дан 4 March 2013 в 12:55

Другие вопросы по тегам:

Похожие вопросы: