[Pkg-freeipa-devel] Bug#768122: freeipa-server: Bind fails to start during ipa-server-install because of wrong configuration template
Michal Kaspar
michal at kaspar.in
Wed Nov 5 06:01:39 UTC 2014
Package: freeipa-server
Version: 4.0.4-2
Severity: normal
Dear Maintainer,
Bind configuration template (/usr/share/ipa/bind.named.conf.template) fits Fedora conventions of config and other files placement, which leads to inability to start bind9 service during ipa-server-install which in turn leads to failure of the server configuration.
There are 3 main problems in the template:
1) It presumes bind's zone and other data files are placed in /var/named. It doesn't exist on my Debian system and these files are placed in /var/cache/bind. The quick and easy fix is to change directory directive in template to /var/cache/bind and create bind owned /var/cache/bind/data directory.
2) Template replaces existing /etc/bind/named.conf.local. But my Debian has options section of bind configuration placed in /etc/bind/named.conf.options (IMHO default). It causes 2 options sections in the configuration and bind refuses to start because of incorrect config. Comment out options in /etc/bind/named.conf.options is enough to make it continue.
3) Template includes file /etc/named.rfc1912.zones, where some default zones are placed on Fedora. In Debian, I think those zones are being set via /etc/bind/named.conf.default-zones.
The nicest thing would be to break template into files corresponding to Debian configuration and make ipa-server-install apply those, but maybe replacing /etc/bind/named.conf instead of /etc/named.conf.local would be enough (with some template tweaks).
Thank you for packaging freeipa though, because it's quite nice piece of software missing in Debian ecosystem in my opinion.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (650, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages freeipa-server depends on:
ii 389-ds-base 1.3.3.5-2
ii acl 2.2.52-2
ii apache2 2.4.10-6
ii bind9 1:9.9.5.dfsg-5
ii bind9-dyndb-ldap 6.0-1
ii certmonger 0.75.14-2
ii dogtag-pki-server-theme 10.2.0-2
ii fonts-font-awesome 4.2.0~dfsg-1
ii freeipa-admintools 4.0.4-2
ii freeipa-client 4.0.4-2
ii init-system-helpers 1.21
ii krb5-admin-server 1.12.1+dfsg-11
ii krb5-kdc 1.12.1+dfsg-11
ii krb5-kdc-ldap 1.12.1+dfsg-11
ii krb5-pkinit 1.12.1+dfsg-11
ii ldap-utils 2.4.40-2
ii libapache2-mod-auth-kerb 5.4-2.2
ii libapache2-mod-nss 1.0.10-2
ii libapache2-mod-wsgi 4.3.0-1
ii libc6 2.19-12
ii libcomerr2 1.42.12-1
ii libjs-dojo-core 1.10.2+dfsg-1
ii libjs-jquery 1.7.2+dfsg-3.2
ii libk5crypto3 1.12.1+dfsg-11
ii libkrad0 1.12.1+dfsg-11
ii libkrb5-3 1.12.1+dfsg-11
ii libldap-2.4-2 2.4.40-2
ii libnspr4 2:4.10.7-1
ii libnss3 2:3.17.2-1
ii libnss3-1d 2:3.17.2-1
ii libnss3-tools 2:3.17.2-1
ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-12
ii libssl1.0.0 1.0.1j-1
ii libtalloc2 2.1.1-2
ii libtevent0 0.9.21-1
ii libunistring0 0.9.3-5.2
ii libuuid1 2.25.2-2
ii libverto1 0.2.4-1
ii memcached 1.4.21-1
ii ntp 1:4.2.6.p5+dfsg-3.1
ii pki-ca 10.2.0-2
ii python 2.7.8-2
ii python-freeipa 4.0.4-2
ii python-krbv 1.0.90-1
ii python-ldap 2.4.10-1
ii python-pyasn1 0.1.7-1
ii python-qrcode 5.0.1-1
ii python-selinux 2.3-2
ii python-yubico 1.1.0-2
pn python:any <none>
ii samba-libs 2:4.1.13+dfsg-2
ii slapi-nis 0.54-1
freeipa-server recommends no packages.
freeipa-server suggests no packages.
-- no debconf information
More information about the Pkg-freeipa-devel
mailing list