[Freeipa-users] RHEL 6.4 , IPA 3.0 and bind-chroot
Dale Macartney
dale at themacartneyclan.com
Sat Feb 23 17:48:44 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all
I've just performed a clean IPA installation and noticed that if you're
using integrated DNS, you are still unable to use bind in a chrooted
environment with a default IPA install.
Basically if its a chrooted environment, named will fail to start.
To replicate what I've done, do the following.
# yum install ipa-server bind bind-chroot bind-dyndb-ldap -y
# ipa-server-install --setup-dns (do your usual thing here)
- From what I've been testing, there needs to be quite a few libraries
located in the chroot environment.
I've done the below to get a little further (I should probably use
symbolic links, but for now copying the files is a start).
mkdir /var/named/chroot/lib64/
cp /lib64/libldap-2.4.so.2 /var/named/chroot/lib64/
cp /lib64/liblber-2.4.so.2 /var/named/chroot/lib64/
cp /lib64/libplds4.so /var/named/chroot/lib64/
cp /lib64/libplc4.so /var/named/chroot/lib64/
cp /lib64/libnspr4.so /var/named/chroot/lib64/
cp /lib64/libcrypt.so.1 /var/named/chroot/lib64/
cp /lib64/libfreebl3.so /var/named/chroot/lib64/
mkdir /var/named/chroot/usr/lib64/
cp /usr/lib64/libssl3.so /var/named/chroot/usr/lib64/
cp /usr/lib64/libsmime3.so /var/named/chroot/usr/lib64/
cp /usr/lib64/libnss3.so /var/named/chroot/usr/lib64/
cp /usr/lib64/libnssutil3.so /var/named/chroot/usr/lib64/
cp /usr/lib64/libsasl2.so.2 /var/named/chroot/usr/lib64/
Now when I restart named, I get the below error in /var/log/messages.
Does anyone have any ideas of the best way to get around this error?
Feb 23 17:35:29 ds01 named[2425]: Failed to parse the principal name
DNS/ds01.example.com (Configuration file does not specify default realm)
Thanks folks.
Dale
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJRKQD4AAoJEAJsWS61tB+qN4QP/1yICe5uzSQFvARf1wFPfLzV
YWzS8orBTwtPAhVcTCfD6GNuFqiypzjumdqNwL75Gm4jBeB1dIoZnaMKaVWaTvau
0sryplL1YZVu4UBLWc5igOK5HRkIeV4yrzCnH/1vnDEiEkJQ8xPCRw7IEfXdD4/N
Cas5uOL9aJo9TQf22cHoIRoESeULzkLmn+tIOYpeTFQlnrhIpFhLcNO35gJmuwyG
revPahRhm4FsW368K+ZnhEouF3cBK+0rMpaC/yi7rUD6PXxK1LaSNMUREG9e6dh/
hx3LoR1tEhzu7buYymwQ33wKM3J9o+HOZiUkxann5YXG+4HBk96XgJ8Mh4bQ03ZJ
A6kMh4CFQxxuOMzQ65c2jj94zvSZFnLRMFgbWuWdZklEyVFk7m1aZ+b7wRwRafBB
BAnEYf+3yCnBjpXyKJSTIs1PZaOSQ0GFg1pLmLYr601ATJ5omcl/a5J4x/l2ofUq
PjFOmARAOb7hIX6zrlGuHFoXoctrweAmorO1suWsUR3beecaQAfMqpfpS9OkDsng
YM8C0IXAo31GGhJDOO0IzuGx+PMtb/ASrW+9ogWM9OI0cTPZvbZtUi0zrIt3lMzJ
62rTHJHvHbEk5sXZvZT9Omd42Tq2yNyt+40TrSZsQX5EBcTxiFD1aeI/UiISRQFI
vEJAbiE+LtGGDrso+6J+
=QR+Y
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list