zentyal / zentyal

Linux Small Business Server
http://www.zentyal.org
GNU General Public License v2.0

Zentyal 6.2-7.0 bind9 error after restart #2080

Open epachirkov opened 3 years ago

epachirkov commented 3 years ago

Describe the bug

After a restart, the Zentyal 6.2 AD controller and the additional Zentyal 7.0 AD controller cannot start; they freeze on EBox::DNS::appArmorProfiles - Setting DNS apparmor profile. In systemctl status bind9 I see this message:

окт 13 14:27:25 zentyal named[31555]: samba_dlz: Failed to configure zone '_msdcs.EP.LOC'
окт 13 14:27:25 zentyal named[31555]: loading configuration: already exists
окт 13 14:27:25 zentyal named[31555]: exiting (due to fatal error)

If I add a new additional controller, I get the same error after joining the domain.

To Reproduce Steps to reproduce the behavior:

  1. Restart Zentyal server
  2. See error

Expected behavior Run server

Zentyal OS (please complete the following information):

Additional context

/var/lib/bind/db.0.168.192:

$ORIGIN .
$TTL 259200 ; 3 days
0.168.192.in-addr.arpa  IN SOA  zentyal.ep.loc. hostmaster.ep.loc. (
                2021080519 ; serial
                28800      ; refresh (8 hours)
                7200       ; retry (2 hours)
                2419200    ; expire (4 weeks)
                86400      ; minimum (1 day)
                )
            NS  zentyal.ep.loc.
$ORIGIN 0.168.192.in-addr.arpa.
11          PTR pc1.ep.loc.
110         PTR pc2.ep.loc.

epachirkov commented 3 years ago

I found how to fix the bug, but I don't know right now how to fix it automatically. Run these commands when DNS freezes on start:

chgrp bind /var/lib/samba/private/
chmod 750 /var/lib/samba/private/
chgrp bind /var/lib/samba/private/dns.keytab
chmod 640 /var/lib/samba/private/dns.keytab

This problem applies to any fresh install of an additional DC with version 6.2 or 7.0. These commands need to be run after every reboot or zs dns restart! P.S. This did not fix everything. In zentyal.log:

DEBUG> Ldap.pm:219 EBox::Ldap::safeConnect - FATAL: Could not connect to samba LDAP server: connect: Permission denied at FATAL: Could not connect to samba LDAP server: connect: Permission denied at /usr/share/perl5/EBox/Ldap.pm line 219

Neustradamus commented 3 years ago

@djoven89: Any news?

epachirkov commented 2 years ago

Fixed in a very strange way. I have a VM snapshot with memory where Zentyal was working fine (unless the DNS service was restarted). First I ran chmod and chgrp:

chgrp bind /var/lib/samba/private/
chmod 750 /var/lib/samba/private/
chgrp bind /var/lib/samba/private/dns.keytab
chmod 640 /var/lib/samba/private/dns.keytab

Then I transferred all FSMO roles to the Windows server and rebooted Zentyal. After that everything worked fine, and I transferred FSMO back to Zentyal and removed the Windows controller. I don't understand what is causing this error, but maybe my comment will help somebody.
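A read-only check for the group and modes that the chgrp/chmod workaround in the two comments above sets, for confirming whether they have drifted after a reboot or zs dns restart. This is an added example, not code from the thread or from Zentyal; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audits, without changing anything, the ownership and modes
# that the thread's workaround applies. Function names are hypothetical.
# Assumes GNU coreutils stat (stat -c), as shipped on Ubuntu-based Zentyal.

# check_perm PATH WANT_MODE WANT_GROUP
# Returns 0 when mode and group match, 1 on drift, 2 when PATH is missing.
check_perm() {
    path=$1 want_mode=$2 want_group=$3
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 2
    fi
    # %a = octal permission bits, %G = group name
    actual=$(stat -c '%a %G' "$path") || return 2
    mode=${actual%% *}
    group=${actual#* }
    if [ "$mode" = "$want_mode" ] && [ "$group" = "$want_group" ]; then
        echo "OK      $path ($mode $group)"
        return 0
    fi
    echo "DRIFT   $path is $mode $group, expected $want_mode $want_group"
    return 1
}

# audit_samba_dns [PRIVATE_DIR] [GROUP]
# Defaults are the path and group used in the thread's commands.
# Returns 0 only when both the directory and dns.keytab match.
audit_samba_dns() {
    dir=${1:-/var/lib/samba/private}
    grp=${2:-bind}
    rc=0
    check_perm "$dir" 750 "$grp" || rc=1
    check_perm "$dir/dns.keytab" 640 "$grp" || rc=1
    return $rc
}

# Run the audit only when arguments are given, e.g.:
#   sh audit.sh /var/lib/samba/private bind
if [ "$#" -gt 0 ]; then
    audit_samba_dns "$@"
fi
```

Because it only reads metadata, it can run from a timer or monitoring check to record when the permissions revert, which the thread leaves unexplained.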

brunolorente commented 2 years ago

Hi @epachirkov, we are back! This is in our roadmap right now, as soon as we have a fix, we'll publish it :)

dkyrgia commented 1 year ago

I had the same problem, which was solved after I assigned a static IP instead of DHCP on the server and locked it at the router. Strange, but it worked.

Neustradamus commented 10 months ago

@epachirkov, @dkyrgia: Any news on this ticket?