On 05.11.2014 08:01, Michal Kaspar wrote: > Package: freeipa-server Version: 4.0.4-2 Severity: normal > > Dear Maintainer, Bind configuration template > (/usr/share/ipa/bind.named.conf.template) fits Fedora conventions of > config and other files placement, which leads to inability to start > bind9 service during ipa-server-install which in turn leads to > failure of the server configuration.
Indeed, though it doesn't fail the server install phase here, which is why I didn't catch this earlier.. > There are 3 main problems in the template: > > 1) It presumes bind's zone and other data files are placed in > /var/named. It doesn't exist on my Debian system and these files are > placed in /var/cache/bind. The quick and easy fix is to change > directory directive in template to /var/cache/bind and create bind > owned /var/cache/bind/data directory. Yep, fixing all paths.. upstream has changed this in git master so that the paths can be changed in the platform code, which is good > 2) Template replaces existing /etc/bind/named.conf.local. But my > Debian has options section of bind configuration placed in > /etc/bind/named.conf.options (IMHO default). It causes 2 options > sections in the configuration and bind refuses to start because of > incorrect config. Comment out options in /etc/bind/named.conf.options > is enough to make it continue. > > 3) Template includes file /etc/named.rfc1912.zones, where some > default zones are placed on Fedora. In Debian, I think those zones > are being set via /etc/bind/named.conf.default-zones. The nicest > thing would be to break template into files corresponding to Debian > configuration and make ipa-server-install apply those, but maybe > replacing /etc/bind/named.conf instead of /etc/named.conf.local > would be enough (with some template tweaks). I'll just replace named.conf. > Thank you for packaging freeipa though, because it's quite nice piece > of software missing in Debian ecosystem in my opinion. Thanks, nice to know at least someone else is using it (or trying to) :) -- t -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
