Merge ~ahasenack/ubuntu/+source/samba:jammy-samba-bind918 into ubuntu/+source/samba:ubuntu/devel
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | 70e5e938e81d75618f077cb5e906ee9a35859549 | ||||
Proposed branch: | ~ahasenack/ubuntu/+source/samba:jammy-samba-bind918 | ||||
Merge into: | ubuntu/+source/samba:ubuntu/devel | ||||
Diff against target: |
159 lines (+118/-2) 5 files modified
debian/changelog (+11/-0) debian/patches/add-support-for-bind-918-2.patch (+51/-0) debian/patches/add-support-for-bind-918.patch (+54/-0) debian/patches/series (+2/-0) debian/samba-libs.install (+0/-2) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Bryce Harrington (community) | Approve | ||
Canonical Server | Pending | ||
Review via email: mp+417699@code.launchpad.net |
Description of the change
The diff won't look ok until my 0ubuntu3 upload is fully built (currently just riscv64 is missing, it takes over 4h), but it should be fine after that.
If it's too bad, then you can diff it against ahasenack/
I was waiting for upstream's final word on this, but it didn't come yet. I did test this with bind 9.18, and stated as such in the upstream bug.
Samba 4 AD DC provisioning is a bit fragile in the sense that many things need to be just right before the script will complete.
Here is a log of the provisioning I did to test this patch, with bind 9.18.0 (not 9.18.1) installed:
root@dc:~# samba-tool domain provision --domain=EXAMPLE --realm EXAMPLE.FAKE --adminpass=
INFO 2022-03-07 19:58:25,417 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:25,418 pid:12798 /usr/lib/
WARNING 2022-03-07 19:58:25,418 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:25,608 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:25,724 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:25,812 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:26,143 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:26,311 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:26,426 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:26,472 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:26,475 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:26,496 pid:12798 /usr/lib/
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-03-07 19:58:26,585 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:26,628 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:26,681 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:29,077 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:29,187 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,708 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,747 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,749 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,750 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,753 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,754 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,858 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,907 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:30,995 pid:12798 /usr/lib/
check_spn_
'
Repacking database from v1 to v2 format (first record CN=ms-SPP-
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=411,
Repacking database from v1 to v2 format (first record CN=Distributed COM Users,CN=
INFO 2022-03-07 19:58:32,169 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:32,224 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:32,246 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:32,348 pid:12798 /usr/lib/
Repacking database from v1 to v2 format (first record DC=ForestDnsZon
Repacking database from v1 to v2 format (first record DC=_ldap.
INFO 2022-03-07 19:58:32,762 pid:12798 /usr/lib/
IND
INFO 2022-03-07 19:58:32,762 pid:12798 /usr/lib/
S updates
INFO 2022-03-07 19:58:32,823 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:32,834 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:33,601 pid:12798 /usr/lib/
ivate/krb5.conf
INFO 2022-03-07 19:58:33,603 pid:12798 /usr/lib/
. Do not create a symlink!
INFO 2022-03-07 19:58:33,708 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:33,838 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:33,839 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:33,839 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/
When bind is started, it logs for this zone:
Mar 25 18:42:48 dc.example.fake named[1415]: Loading 'AD DNS Zone' using driver dlopen
Mar 25 18:42:48 dc.example.fake named[1415]: samba_dlz: started for DN DC=example,DC=fake
Mar 25 18:42:48 dc.example.fake named[1415]: samba_dlz: starting configure
Mar 25 18:42:48 dc.example.fake named[1415]: samba_dlz: configured writeable zone 'example.fake'
Mar 25 18:42:48 dc.example.fake named[1415]: samba_dlz: configured writeable zone '_msdcs.
And it answers queries for computers that joined the domain:
root@dc:~# samba-tool computer list
DC$
MEMBER2$
root@dc:~# host member2.
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
member2.
And logs, after I turn on query log:
Mar 25 18:45:31 dc.example.fake named[1415]: client @0x7feb2ca30590 127.0.0.1#48281 (member2.
Mar 25 18:45:31 dc.example.fake named[1415]: client @0x7feb2ca30590 127.0.0.1#55542 (member2.
Mar 25 18:45:31 dc.example.fake named[1415]: client @0x7feb2ca30590 127.0.0.1#40791 (member2.
I have a PPA that does not have the ctdb mvp fixes that I just uploaded:
https:/
I'll reupload this right now.
I repeated the provisioning in my snapshotted vm using the samba packages from this ppa, that were just rebuilt, and bind 9.18.1 from jammy:
root@dc:~# samba-tool domain provision --domain=EXAMPLE --realm EXAMPLE.FAKE --adminpass= 'Passw0rd! ' --server-role=dc --use-rfc2307 --dns-backend= BIND9_DLZ python3/ dist-packages/ samba/provision /__init_ _.py #2105: Looking up IPv4 addresses python3/ dist-packages/ samba/provision /__init_ _.py #2122: Looking up IPv6 addresses python3/ dist-packages/ samba/provision /__init_ _.py #2129: No IPv6 address will be assigned python3/ dist-packages/ samba/provision /__init_ _.py #2271: Setting up share.ldb python3/ dist-packages/ samba/provision /__init_ _.py #2275: Setting up secrets.ldb python3/ dist-packages/ samba/provision /__init_ _.py #2280: Setting up the registry python3/ dist-packages/ samba/provision /__init_ _.py #2283: Setting up the privileges database python3/ dist-packages/ samba/provision /__init_ _.py #2286: Setting up idmap db python3/ dist-packages/ samba/provision /__init_ _.py #2293: Setting up SAM db python3/ dist-packages/ samba/provision /__init_ _.py #880: Setting up sam.ldb partitions and settings python3/ dist-packages/ samba/provision /__init_ _.py #892: Setting up sam.ldb rootDSE python3/ dist-packages/ samba/provision /__init_ _.py #1305: Pre-loading the Samba 4 and AD schema
INFO 2022-03-25 20:00:02,056 pid:929 /usr/lib/
INFO 2022-03-25 20:00:02,056 pid:929 /usr/lib/
WARNING 2022-03-25 20:00:02,057 pid:929 /usr/lib/
INFO 2022-03-25 20:00:02,278 pid:929 /usr/lib/
INFO 2022-03-25 20:00:02,402 pid:929 /usr/lib/
INFO 2022-03-25 20:00:02,492 pid:929 /usr/lib/
INFO 2022-03-25 20:00:02,747 pid:929 /usr/lib/
INFO 2022-03-25 20:00:02,896 pid:929 /usr/lib/
INFO 2022-03-25 20:00:03,044 pid:929 /usr/lib/
INFO 2022-03-25 20:00:03,113 pid:929 /usr/lib/
INFO 2022-03-25 20:00:03,118 pid:929 /usr/lib/
INFO 2022-03-25 20:00:03,150 pid:929 /usr/lib/
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-03-25 20:00:03,291 pid:929 /usr/lib/ python3/ dist-packages/ samba/provision /__init_ _.py #1383: Adding DomainDN: DC=example,DC=fake ...