making Samba work [new detail]

Claude Jones claude_jones at levitjames.com
Mon Aug 8 21:06:22 UTC 2005


On Monday 08 August 2005 2:34 am, Paul Howarth wrote:
> On Sun, 2005-08-07 at 21:24 -0400, Claude Jones wrote:
> > rndc.key looks like this:
> >
> > key "rndckey" {
> >         algorithm       hmac-md5;
> >         secret "cQQ08BlDIxazAR3ojoKFZWaH8f_long_string.....................";
> > };
> >
> >
> > named.conf - the relevant section - looks like this:
> >
> > include "/etc/rndc.key";
> > key "rndckey" {
> >       algorithm hmac-md5;
> >       secret "sKXHs69HcF7C63BQLGNVQA==";
> > };
>
> There's your problem. The 'include "/etc/rndc.key"' is there so that
> your named.conf and rndc.conf can share a secret (both include the same
> file). However, your named.conf then introduces a new version of the
> same key, with what appears to be too short a secret. Try removing the
> lines:
>
> key "rndckey" {
>       algorithm hmac-md5;
>       secret "sKXHs69HcF7C63BQLGNVQA==";
> };
>
> > The only rndc.conf file I can find is in /etc
> > It looks like this:
> >
> > options {
> >         default-server  localhost;
> >         default-key     "rndckey";
> > };
> >
> > server localhost {
> >         key     "rndckey";
> > };
> >
> > include "/etc/rndc.key";
> >
> > This is pointing to the wrong file, no? Shouldn't it be pointing to the
> > rndc.key file in /var/named/chroot/etc ????
>
> /etc/rndc.key should be a symlink to the one in the chroot:
>
> # ls -l /etc/rndc.key
> lrwxrwxrwx  1 root root 30 Jul 20 04:46 /etc/rndc.key -> /var/named/chroot/etc/rndc.key

Some progress: I deleted the lines you suggested from named.conf and I removed
the rndc.key from /etc, then created a symlink in /etc to the rndc.key file
in /var/named/chroot/etc.

Now, I get the following when I restart named:

[root@viewridgeproductions2 ~]# service named restart
Stopping named:                                            [FAILED]
Starting named:                                            [  OK  ]
[root@viewridgeproductions2 ~]#

It can't stop the service, but it can start it now...
This hasn't cured the original problem which started this whole thread, but
fixing broken things, even if only partially, is good ;-)
-- 
Claude Jones
Bluemont, VA, USA
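
An added example, not part of the original message and not BIND's own code: a small Python check for the misconfiguration discussed above, where named.conf both includes the shared key file and redefines the same key inline, so named and rndc no longer agree on the secret. The file contents and secrets are constructed placeholders, and `key_definitions` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample files mirroring the layout in the thread; secrets are placeholders.
FILES = {
    "/etc/rndc.key": '''key "rndckey" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-SHARED-SECRET";
};''',
    "/etc/named.conf": '''include "/etc/rndc.key";
key "rndckey" {
      algorithm hmac-md5;
      secret "PLACEHOLDER-INLINE-SECRET";
};''',
    "/etc/rndc.conf": '''options {
        default-server  localhost;
        default-key     "rndckey";
};
server localhost {
        key     "rndckey";
};
include "/etc/rndc.key";''',
}

# Either an include directive or a full key definition (a bare 'key "x";' reference is ignored).
TOKEN = re.compile(r'\binclude\s+"([^"]+)"\s*;|\bkey\s+"([^"]+)"\s*\{([^}]*)\}\s*;')
SECRET = re.compile(r'secret\s+"([^"]*)"')

def key_definitions(path, files, seen=None):
    """Return [(key_name, secret, defining_file)] in file order, following includes."""
    seen = set() if seen is None else seen
    if path in seen:                      # guard against include loops
        return []
    seen.add(path)
    found = []
    for m in TOKEN.finditer(files[path]):
        if m.group(1):                    # include "...": descend into that file
            found += key_definitions(m.group(1), files, seen)
        else:                             # key "name" { ... };
            s = SECRET.search(m.group(3))
            found.append((m.group(2), s.group(1) if s else None, path))
    return found

def audit(named_conf, rndc_conf, files):
    """Return (keys named sees defined more than once, keys whose secret differs from rndc's)."""
    named = key_definitions(named_conf, files)
    rndc = {name: secret for name, secret, _ in key_definitions(rndc_conf, files)}
    names = [name for name, _, _ in named]
    duplicates = sorted({n for n in names if names.count(n) > 1})
    mismatched = sorted({n for n, s, _ in named if n in rndc and rndc[n] != s})
    return duplicates, mismatched
```

With the constructed files above, `audit("/etc/named.conf", "/etc/rndc.conf", FILES)` flags `rndckey` in both lists; once the inline block is removed from named.conf, both lists come back empty.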



