Topic: Error after RNDC Reload

ardiantotan

Error after RNDC Reload
« on: January 28, 2022, 09:11:02 am »
Hello,
Can anyone help me fix this error? (Zentyal 6)
I am trying to add a new slave server to my DNS. I put the IP in /etc/bind/named.conf.options and /usr/share/zentyal/stubs/dns/named.conf.options.mas, then I changed the serial number in /var/cache/bind/my.zone.
When I try to rndc reload, it shows success, but when I check service bind9 status, it shows these errors:

# service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2022-01-28 15:06:57 WIB; 2s ago
     Docs: man:named(8)
  Process: 17322 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
  Process: 17325 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 17325 (code=exited, status=1/FAILURE)

Jan 28 15:06:57 named[17325]: samba_dlz: ldb: module samba_dsdb initialization failed : Unknown error
Jan 28 15:06:57 named[17325]: samba_dlz: ldb: Unable to load modules for /var/lib/samba/private/dns/sam.ldb: Failed to update @INDEXLIST and @ATTRIBUTES records to
Jan 28 15:06:57 named[17325]: samba_dlz: Failed to connect to /var/lib/samba/private/dns/sam.ldb
Jan 28 15:06:57 named[17325]: dlz_dlopen of 'AD DNS Zone' failed
Jan 28 15:06:57 named[17325]: SDLZ driver failed to load.
Jan 28 15:06:57 named[17325]: DLZ driver failed to load.
Jan 28 15:06:57 named[17325]: loading configuration: failure
Jan 28 15:06:57 named[17325]: exiting (due to fatal error)
Jan 28 15:06:57 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jan 28 15:06:57 systemd[1]: bind9.service: Failed with result 'exit-code'.

Any idea how to fix it?
The impact of this error is that my DNS cannot run, and neither can Active Directory.


turalyon

Re: Error after RNDC Reload
« Reply #1 on: January 28, 2022, 11:52:55 am »
Hi,

Did you check which errors you get in the following log files?

* /var/log/zentyal/zentyal.log
* /var/log/syslog

Also, did you check if the internal database of Samba has errors?

Code:
sudo samba-tool dbcheck --cross-ncs

Below you have more information about the 'dbcheck' subcommand.

* https://wiki.samba.org/index.php/Dbcheck

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever.”

ardiantotan

Re: Error after RNDC Reload
« Reply #2 on: January 29, 2022, 01:58:23 am »
I found some errors in my /var/log/zentyal/zentyal.log:

2022/01/28 14:05:04 ERROR> LDAP.pm:158 EBox::Module::LDAP::_connectToSchemaMaster - Error connecting to schema master role owner (ns1.indomaret.group) at Error connecting to schema master role owner (ns1.indomaret.group) at /usr/share/perl5/EBox/Module/LDAP.pm line 158
EBox::Module::LDAP::_connectToSchemaMaster('EBox::Samba=HASH(0x55f88e3bbee0)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 275
EBox::Module::LDAP::_loadSchemasFiles('EBox::Samba=HASH(0x55f88e3bbee0)', 'ARRAY(0x55f88ef71918)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 267
EBox::Module::LDAP::_loadSchemas('EBox::Samba=HASH(0x55f88e3bbee0)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 341
EBox::Module::LDAP::_performSetup('EBox::Samba=HASH(0x55f88e3bbee0)') called at /usr/share/perl5/EBox/Samba.pm line 671
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x55f88e3bbee0)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 967
eval {...} at /usr/share/perl5/EBox/Module/Service.pm line 966
EBox::Module::Service::restartService('EBox::Samba=HASH(0x55f88e3bbee0)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 121
eval {...} at /usr/share/perl5/EBox/Util/Init.pm line 119
EBox::Util::Init::moduleAction('samba', 'restartService', 'start') called at /usr/share/perl5/EBox/Util/Init.pm line 87
EBox::Util::Init::start at /usr/bin/zs line 35
main::main at /usr/bin/zs line 82
2022/01/28 14:05:04 ERROR> Service.pm:969 EBox::Module::Service::restartService - Error restarting service: Error connecting to schema master role owner (ns1.indomaret.group)
2022/01/28 14:05:04 ERROR> Service.pm:971 EBox::Module::Service::restartService - Error connecting to schema master role owner (ns1.indomaret.group) at Error connecting to schema master role owner (ns1.indomaret.group) at /usr/share/perl5/EBox/Module/Service.pm line 971
EBox::Module::Service::restartService('EBox::Samba=HASH(0x55f88e3bbee0)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 121
eval {...} at /usr/share/perl5/EBox/Util/Init.pm line 119
EBox::Util::Init::moduleAction('samba', 'restartService', 'start') called at /usr/share/perl5/EBox/Util/Init.pm line 87
EBox::Util::Init::start at /usr/bin/zs line 35
main::main at /usr/bin/zs line 82

In /var/log/syslog there is only the same information as in "service bind9 status".

When I check with:
sudo samba-tool dbcheck --cross-ncs
it shows 7 errors and recommends that I use --fix.
What happens if I run sudo samba-tool dbcheck --fix?

hortimech1

Re: Error after RNDC Reload
« Reply #3 on: January 30, 2022, 11:39:45 am »
First, never run 'rndc reload' on a Samba AD DC running Bind9; it doesn't work and leads to errors.
Secondly, you cannot run a slave DNS server with Samba AD. If you must run Bind9, it must run on a Samba AD DC. This is because all AD DCs are DNS masters (it is known as multimaster).

If dbcheck is telling you to run '--fix', then run it, but it is unlikely to be your problem; it is your DNS misconfiguration that is likely to be your problem.
 

turalyon

Re: Error after RNDC Reload
« Reply #4 on: February 03, 2022, 10:46:19 am »
Hi,

According to the log file, your Domain Controller module cannot contact the server that has the FSMO roles (ns1.indomaret.group). You should check that.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever.”

ardiantotan

Re: Error after RNDC Reload
« Reply #5 on: February 04, 2022, 03:33:39 am »
My domain controller is the one with the error (ns1.indomaret.group).
Could you explain what I must do? Should I transfer the FSMO roles from the other server to this server?
I've tried to comment out this config in "/etc/bind/named.conf.local":


dlz "AD DNS Zone" {
   database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};

I commented this out and the error is gone and the DNS service is up, but it seems the server still cannot connect to AD if I comment out dlz "AD DNS Zone".

turalyon

Re: Error after RNDC Reload
« Reply #6 on: February 04, 2022, 10:51:10 am »
Hi,

If I were you, I'd do the following:

1. Check the owner of the FSMO roles:

Code:
sudo samba-tool fsmo show

2. Ensure that there is a connection between the owner of the FSMO roles and your Zentyal server.

Code:
ping ns1.indomaret.group

3. If your Zentyal server does not own the FSMO roles, make sure that the Domain Controller that owns them is working correctly, and also check that there is no firewall rule that could be blocking Samba's ports.

* https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage

4. Fix the issues with the internal database of Samba:

Code:
sudo samba-tool dbcheck --fix --yes

5. Make a mark in the important log files:

Code:
for i in /var/log/zentyal/zentyal.log /var/log/syslog /var/log/samba/samba.log; do echo "#### DEBUGGING" | sudo tee -a "$i"; done

6. Through the Zentyal GUI, disable the modules: Domain Controller and DNS.

7. Through the Zentyal GUI, enable the DNS module, save changes, check its status and analyze the log files from step 5.

8. Do the same but with the Domain Controller module.

NOTE:
The above steps could cause a system failure, especially from step 4, so make sure that you have a backup of your Zentyal server.

Hope it helps you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever.”
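
Steps 1 to 3 of the reply above, as an added example that is not part of the original thread nor Zentyal's or Samba's own tooling: it extracts the role owners from `samba-tool fsmo show` output, decides whether any owner is a different server, and tests TCP reachability of the Samba ports instead of relying on ICMP ping. The script name, the `DC1`/`DC2` sample hosts, the use of `nc`, and the match between the NTDS Settings name and `hostname -s` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight for steps 1-3.
# Assumption: `samba-tool fsmo show` prints one line per role in the form
#   <Role> owner: CN=NTDS Settings,CN=<DC>,CN=Servers,...

# Subset of the TCP ports listed on the wiki page linked in step 3.
AD_TCP_PORTS="53 88 135 389 445 464 636 3268"

# Constructed sample output (hypothetical hosts DC1/DC2 in example.test).
SAMPLE='SchemaMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test'

# stdin: `samba-tool fsmo show` output. stdout: each owner DC once, lower-cased.
fsmo_owners() {
    awk -F'CN=NTDS Settings,CN=' \
        'NF > 1 { split($2, part, ","); print tolower(part[1]) }' | sort -u
}

# Same input; prints only owners other than the local short hostname ($1).
remote_owners() {
    self=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    fsmo_owners | grep -vx -- "$self" || true
}

# 0 if a TCP connection to host $1, port $2 succeeds within 3 seconds.
port_open() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# Prints every port from AD_TCP_PORTS that is not reachable on host $1.
blocked_ports() {
    for port in $AD_TCP_PORTS; do
        port_open "$1" "$port" || echo "$port"
    done
}

case "${1:-demo}" in
check)  # live run on the Zentyal server: sh fsmo-preflight.sh check
    remote=$(samba-tool fsmo show | remote_owners "$(hostname -s)")
    [ -n "$remote" ] || echo "All FSMO roles are held locally; look at the local Samba/BIND setup."
    for dc in $remote; do
        echo "$dc: unreachable TCP ports: $(blocked_ports "$dc" | tr '\n' ' ')"
    done ;;
demo)   # offline run on the constructed sample, as seen from dc1
    printf '%s\n' "$SAMPLE" | remote_owners dc1 ;;
esac
```

While BIND is down on the server, an owner name that does not resolve is reported the same way as a host with every port blocked, so confirm name resolution separately before blaming a firewall.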