bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
Hello, I try to set up an AD with bind9 and isc-dhcp-Server for dynamic
DNS-updates. I followed the wiki:
https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

But I have this error:
Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[1] = add
Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[2] = 192.168.16.38
Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[3] = 1:8:0:27:e7:a:66
Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[4] = omtest
Oct 7 12:17:36 samba467 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256

If I execute the script manually, it works ok
> /etc/dhcp/bin/dhcp-dyndns.sh add 192.168.16.38 1:8:0:27:e7:a:66 omtest

I use Debian Jessie.

Please, help me
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
On Sat, 7 Oct 2017 12:37:49 -0400 (CDT)
Siovel Rodríguez Morales via samba <[hidden email]> wrote:

> Hello, I try to set up an AD with bind9 and isc-dhcp-Server for
> dynamic DNS-updates. I followed the wiki:
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
> But I have this error:
> Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
> Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[1] = add
> Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[2] = 192.168.16.38
> Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[3] = 1:8:0:27:e7:a:66
> Oct 7 12:17:36 samba467 dhcpd: execute_statement argv[4] = omtest
> Oct 7 12:17:36 samba467 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
>
> If I execute the script manually, it works ok
> > /etc/dhcp/bin/dhcp-dyndns.sh add 192.168.16.38 1:8:0:27:e7:a:66 omtest
>
> I use Debian Jessie.
>
> Please, help me

Have you followed the wikipage exactly, or have you changed anything ?
Is Bind9 installed on the Samba DC ?

Try rebooting the DC and see if this helps, I can assure you it works,
it has done for me for the last 5 years.

Rowland



Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
Hello Rowland, I followed the wikipage exactly. Bind9 is installed on the Samba DC.
Should the Linux client be a member of the Active Directory domain?

Regards

Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
On Sat, 7 Oct 2017 16:55:50 -0400 (CDT)
Siovel Rodríguez Morales <[hidden email]> wrote:

> Hello Rowland, I followed the wikipage exactly. Bind9 is installed on
> the Samba DC. Should the Linux client be a member of the Active
> Directory domain?
>

It works for printers and I haven't yet found a way to join them to a
domain ;-)

It should work like a normal DHCP server, but it should also update the
Samba AD records.

Two things, can you post your named.conf files and can you find this
line in the /etc/dhcp/bin/dhcp-dyndns.sh :

#NSUPDFLAGS="-d"

remove the comment sign '#' and try again.

You should get a lot more info in the logs.

Rowland

Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
This is my named.conf
options {
                directory "/var/cache/bind";
                notify no;
                empty-zones-enable no;
                auth-nxdomain yes;
                listen-on-v6 { none; };
                forwarders { 192.168.10.3; 10.0.0.3; };
                allow-query { 127.0.0.1/32; 192.168.16.0/24; };
                allow-recursion { 127.0.0.1/32; 192.168.16.0/24; };
                tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

I remove the comment sign '#'
NSUPDFLAGS="-d"

But the logs are the same:
Oct  7 17:44:38 samba467 dhcpd: DHCPREQUEST for 192.168.16.38 from 08:00:27:e7:0a:66 (omtest) via eth0
Oct  7 17:44:38 samba467 dhcpd: DHCPACK on 192.168.16.38 to 08:00:27:e7:0a:66 (omtest) via eth0
Oct  7 17:44:55 samba467 dhcpd: Commit: IP: 192.168.16.37 DHCID: 1:0:c:29:e5:43:bf Name: ubuntu
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[1] = add
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[2] = 192.168.16.37
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[3] = 1:0:c:29:e5:43:bf
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[4] = ubuntu
Oct  7 17:44:55 samba467 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256


Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
On Sat, 7 Oct 2017 17:51:27 -0400 (CDT)
Siovel Rodríguez Morales <[hidden email]> wrote:

> This is my named.conf
> options {
>                 directory "/var/cache/bind";
>                 notify no;
>                 empty-zones-enable no;
>                 auth-nxdomain yes;
>                 listen-on-v6 { none; };
>                 forwarders { 192.168.10.3; 10.0.0.3; };
>                 allow-query { 127.0.0.1/32; 192.168.16.0/24; };
>                 allow-recursion { 127.0.0.1/32; 192.168.16.0/24; };
>                 tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
>
> I remove the comment sign '#'
> NSUPDFLAGS="-d"
>
> But the logs are the same:
> Oct  7 17:44:38 samba467 dhcpd: DHCPREQUEST for 192.168.16.38 from 08:00:27:e7:0a:66 (omtest) via eth0
> Oct  7 17:44:38 samba467 dhcpd: DHCPACK on 192.168.16.38 to 08:00:27:e7:0a:66 (omtest) via eth0
> Oct  7 17:44:55 samba467 dhcpd: Commit: IP: 192.168.16.37 DHCID: 1:0:c:29:e5:43:bf Name: ubuntu
> Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
> Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[1] = add
> Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[2] = 192.168.16.37
> Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[3] = 1:0:c:29:e5:43:bf
> Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[4] = ubuntu
> Oct  7 17:44:55 samba467 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
>
>

These are my named.conf files:

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

/etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";

/etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

/etc/default/bind9

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"

Removing the '#' should make dnsupdate be a lot more verbose, but it
doesn't seem to be outputting anything, when it works correctly you
should see something like this in syslog:

Oct  7 06:36:51 dc1.example.com dhcpd: DHCPREQUEST for 192.168.0.88 from ec:08:6b:0c:cb:c2 (devstation) via eth0
Oct  7 06:36:51 dc1.example.com dhcpd: DHCPACK on 192.168.0.88 to ec:08:6b:0c:cb:c2 (devstation) via eth0
Oct  7 06:51:36 dc1.example.com dhcpd: Commit: IP: 192.168.0.88 DHCID: 1:ec:8:6b:c:cb:c2 Name: devstation
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[1] = add
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[2] = 192.168.0.88
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[3] = 1:ec:8:6b:c:cb:c2
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[4] = devstation
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: starting transaction on zone samdom.example.com
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=devstation.samdom.example.com tcpaddr=127.0.0.1 type=A key=3046387417.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=devstation.samdom.example.com tcpaddr=127.0.0.1 type=A key=3046387417.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#44121/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': deleting rrset at 'devstation.samdom.example.com' A
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: subtracted rdataset devstation.samdom.example.com 'devstation.samdom.example.com.#0113600#011IN#011A#011192.168.0.88'
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#44121/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': adding an RR at 'devstation.samdom.example.com' A
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: added rdataset devstation.samdom.example.com 'devstation.samdom.example.com.#0113600#011IN#011A#011192.168.0.88'
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: committed transaction on zone samdom.example.com
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=88.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=1661100354.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=88.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=1661100354.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#36142/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': deleting rrset at '88.0.168.192.in-addr.arpa' PTR
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: subtracted rdataset 88.0.168.192.in-addr.arpa '88.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011devstation.samdom.example.com.'
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#36142/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '88.0.168.192.in-addr.arpa' PTR
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: added rdataset 88.0.168.192.in-addr.arpa '88.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011devstation.samdom.example.com.'
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: committed transaction on zone 0.168.192.in-addr.arpa
Oct  7 06:51:37 dc1.example.com root: DHCP-DNS Update succeeded

Just another thought, there isn't another dhcp server on the same
network is there ?

and yet another thought, the client's name seems to be 'ubuntu' , have
you turned off dnsmasq in Network-Manager ?

Rowland

Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
Hi Rowland, I do not have another dhcp server. dnsmasq is not configured.

I think the problem may be permissions. Which Linux distribution do you use, Ubuntu?
I was tracing the script code dhcp-dyndns.sh, when the execution on the first line fails

Are these instructions correct in Debian:
 chown root:root  /etc/dhcp/dhcpduser.keytab
 chmod 400  /etc/dhcp/dhcpduser.keytab


Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
On Sat, 7 Oct 2017 20:08:26 -0400 (CDT)
Siovel Rodríguez Morales <[hidden email]> wrote:

> Hi Rowland, I do not have another dhcp server. dnsmasq is not configured.

No, do you have a line in /etc/Network-Manager/Network-Manager.conf
with 'dnsmasq' in it ?
If so, comment it out and restart Network-Manager

What is in /etc/hosts and /etc/resolv.conf ?

>
> I think the problem may be permissions. Which Linux distribution do
> you use, Ubuntu? I was tracing the script code dhcp-dyndns.sh, when
> the execution on the first line fails

You could be right, is apparmor running ?
I use Devuan

>
> Are these instructions correct in Debian:
>  chown root:root  /etc/dhcp/dhcpduser.keytab
>  chmod 400  /etc/dhcp/dhcpduser.keytab
>

It is correct on Devuan, so should be correct on debian, but check who
runs DHCP on your system.

I will send you a script to replace the /etc/dhcp/bin/dhcp-dyndns.sh.
It is the same as the one on the wikipage, but it will output
information to a text file in /tmp: /tmp/Update.txt
It also has '-d' hardcoded.

If you can try this script and then send me /tmp/Update.txt and
anything relevant from /var/log/syslog, I will see if I can work out
what is going wrong.

Rowland


Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
Hi Rowland, I resolved the problem partially.

The problem was due to the fact that I do not have winbind installed because Samba 4, Bind9 and isc-dhcp-server are on the same server.
I commented out these lines in the script dhcp-dyndns.sh and it worked (on commit and on release but not on expiry )
#TESTUSER=$(wbinfo -u | grep dhcpduser)
#if [ -z "${TESTUSER}" ]; then
#    echo "No AD dhcp user exists, need to create it first.. exiting."
#    echo "you can do this by typing the following commands"
#    echo "kinit Administrator@${REALM}"
#    echo "samba-tool user create dhcpduser --random-password --description=\"Unprivileged user for DNS updates via ISC DHCP server\""
#    echo "samba-tool user setexpiry dhcpduser --noexpiry"
#    echo "samba-tool group addmembers DnsAdmins dhcpduser"
#    exit 1
#else
#    echo "TESTUSER: ${TESTUSER}" >> /tmp/Update.txt
#fi

Now when an IP address expires, the DNS is not updated. I executed the script manually and it doesn't work
/etc/dhcp/bin/dhcp-dyndns.sh delete 192.168.16.37  0

This is the /tmp/Update.txt  file

DOMAIN: sco.cu
REALM: SCO.CU
KRB5CCNAME: /tmp/dhcp-dyndns.cc
Keytab exists
ACTION: delete
IP: 192.168.16.37
DHCID:
NAME: 0

This is the /var/log/syslog
Oct  8 17:22:35 samba467 dhcpd: Expired: IP: 192.168.16.37
Oct  8 17:22:35 samba467 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
Oct  8 17:22:35 samba467 dhcpd: execute_statement argv[1] = delete
Oct  8 17:22:35 samba467 dhcpd: execute_statement argv[2] = 192.168.16.37
Oct  8 17:22:35 samba467 dhcpd: execute_statement argv[3] =
Oct  8 17:22:35 samba467 dhcpd: execute_statement argv[4] = 0
Oct  8 17:22:35 samba467 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256


Maybe these lines should be commented:
# Exit if no ip address or mac-address
if [ -z "${ip}" ] || [ -z "${DHCID}" ]; then
    usage
    exit 1
fi


Thanks for the valuable help,
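
Added example, not part of the original thread and not the wiki script's own code: instead of commenting out the empty-argument check, a hook of this kind can validate every argument and require the DHCID only for `add`, which lets the expiry call shown above (empty argv[3], name `0`) through. The function names are hypothetical, and it is an assumption here that the delete path needs only the IP address; dhcpd's "exit status 256" is the raw wait() status, i.e. exit code 1.

```shell
#!/bin/sh
# Added example: argument checks for a dhcp-dyndns.sh-style hook run by dhcpd.
# All function names are hypothetical; sample values come from the thread's logs.

# dhcpd logs the raw wait() status of the hook. The script's exit code is in
# the high byte, so "exit status 256" means the script ran "exit 1".
exit_code_from_status() {
    echo $(( ($1 >> 8) & 255 ))
}

# Accept only four dot-separated decimal octets, each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# DHCID as dhcpd passes it in the logs above: hex digits separated by colons.
is_dhcid() {
    case "$1" in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;
    esac
    return 0
}

# The client-supplied hostname ends up in a DNS update, so accept a single
# DNS label only: letters, digits and inner hyphens, at most 63 characters.
is_hostname_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# validate_args ACTION IP DHCID NAME -> 0 if the call is acceptable.
validate_args() {
    action=$1 ip=$2 dhcid=$3 name=$4
    is_ipv4 "$ip" || return 1
    case "$action" in
        add)
            # A new lease must carry both a DHCID and a usable hostname.
            is_dhcid "$dhcid" && is_hostname_label "$name" ;;
        delete)
            # On expiry dhcpd passes an empty DHCID and a placeholder name.
            # Assumption: the delete path looks the record up by IP only.
            [ -z "$dhcid" ] || is_dhcid "$dhcid" ;;
        *)
            return 1 ;;
    esac
}

# Constructed demo using the argument values seen in the thread's syslog.
validate_args add 192.168.16.38 1:8:0:27:e7:a:66 omtest && echo "commit call: accepted"
validate_args delete 192.168.16.37 "" 0 && echo "expiry call: accepted"
validate_args add 192.168.16.37 "" ubuntu || echo "add without DHCID: rejected"
echo "dhcpd 'exit status 256' = script exit code $(exit_code_from_status 256)"
```
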
 

Re: bind9 and isc-dhcp-Server for dynamic DNS-updates Error

Samba - General mailing list
On Sun, 8 Oct 2017 17:30:49 -0400 (CDT)
Siovel Rodríguez Morales <[hidden email]> wrote:

> Hi Rowland, I resolved the problem partially.
>
> The problem was due to the fact that I do not have winbind installed
> because Samba 4, Bind9 and isc-dhcp-server are on the same server. I
> commented out these lines in the script dhcp-dyndns.sh and it worked
> (on commit and on release but not on expiry )
> #TESTUSER=$(wbinfo -u | grep dhcpduser)
> #if [ -z "${TESTUSER}" ]; then
> #    echo "No AD dhcp user exists, need to create it first.. exiting."
> #    echo "you can do this by typing the following commands"
> #    echo "kinit Administrator@${REALM}"
> #    echo "samba-tool user create dhcpduser --random-password --description=\"Unprivileged user for DNS updates via ISC DHCP server\""
> #    echo "samba-tool user setexpiry dhcpduser --noexpiry"
> #    echo "samba-tool group addmembers DnsAdmins dhcpduser"
> #    exit 1
> #else
> #    echo "TESTUSER: ${TESTUSER}" >> /tmp/Update.txt
> #fi
>

The script only works on a DC.
You must have a Samba AD DC running, this requires winbind.
You must have Bind 9 installed and working on the DC.
You must install DHCP on the same DC.
You need 'dhcpduser'.

Rowland
