making Samba work [new detail]

Paul Howarth paul at city-fan.org
Mon Aug 8 06:34:00 UTC 2005 

On Sun, 2005-08-07 at 21:24 -0400, Claude Jones wrote:
> On Sat August 6 2005 1:49 pm, Paul Howarth wrote:
> > On Sat, 2005-08-06 at 08:53 -0400, Claude Jones wrote:
> > > While looking at DNS matters this am, I checked to see if BIND was
> > > running:
> > >
> > > cj]# service named status
> > > rndc: decode base64 secret: bad base64 encoding
> > >
> > > Can anyone tell me what this means?
> >
> > Your /etc/rndc.key probably hasn't got a proper secret in it.
> >
> 
> If Jeremy is correct, and I'm running bind-chroot (didn't I read along the 
> way, that this is the FC4 default install?), then, here's what I've got:
> In /var/named/chroot/etc there are rdnc.key and named.conf -
> rdnc.key looks like this:
> 
> key "rndckey" {
>         algorithm       hmac-md5;
>         secret "cQQ08BlDIxazAR3ojoKFZWaH8f_long_string.....................";
> };
> 
> 
> named.conf - the relevant section - looks like this:
> 
> include "/etc/rndc.key";
> key "rndckey" {
>       algorithm hmac-md5;
>       secret "sKXHs69HcF7C63BQLGNVQA==";
> };

There's your problem. The 'include "/etc/rndc.key"' is there so that
your named.conf and rndc.conf can share a secret (both include the same
file). However, your named.conf then introduces a new version of the
same key, with what appears to be too short a secret. Try removing the
lines:

key "rndckey" {
      algorithm hmac-md5;
      secret "sKXHs69HcF7C63BQLGNVQA==";
};

> The only rdnc.conf file I can find is in /etc
> It looks like this:
> 
> options {
>         default-server  localhost;
>         default-key     "rndckey";
> };
> 
> server localhost {
>         key     "rndckey";
> };
> 
> include "/etc/rndc.key";
> 
> This is pointing to the wrong file, no? Shouldn't it be pointing to the 
> rndc.key file in /var/named/chroot/etc ????

/etc/rndc.key should be a symlink to the one in the chroot:

# ls -l /etc/rndc.key
lrwxrwxrwx  1 root root 30 Jul 20 04:46 /etc/rndc.key
-> /var/named/chroot/etc/rndc.key

Paul.
-- 
Paul Howarth <paul at city-fan.org>

More information about the fedora-list mailing list