can't do dhcp + samba + bind work together

can't do dhcp + samba + bind work together

artyom
I use the official manual from wiki.samba.org to install Samba 4.6.3 (from source) with bind_dlz on BIND 9.9.10 (from source too). My OS is Debian Jessie x64 8.8 netinst. I use the https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
article for dynamic DHCP updates of DNS zones. DHCP is working but DNS updates are not: I have these messages in my syslog on DHCPOFFER:
 
May 17 14:24:35 ad1 dhcpd: DHCPRELEASE of 10.10.1.0 from ea:d6:54:12:48:54 (test-pc) via eth0 (found)
May 17 14:25:17 ad1 dhcpd: DHCPDISCOVER from ea:d6:54:12:48:54 via eth0
May 17 14:25:18 ad1 dhcpd: DHCPOFFER on 10.10.1.0 to ea:d6:54:12:48:54 (test-pc) via eth0
May 17 14:25:18 ad1 dhcpd: Commit: IP: 10.10.1.0 DHCID: 1:ea:d6:54:12:48:54 Name: test-pc
May 17 14:25:18 ad1 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
May 17 14:25:18 ad1 dhcpd: execute_statement argv[1] = add
May 17 14:25:18 ad1 dhcpd: execute_statement argv[2] = 10.10.1.0
May 17 14:25:18 ad1 dhcpd: execute_statement argv[3] = 1:ea:d6:54:12:48:54
May 17 14:25:18 ad1 dhcpd: execute_statement argv[4] = test-pc
May 17 14:25:18 ad1 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
May 17 14:25:18 ad1 dhcpd: DHCPREQUEST for 10.10.1.0 (10.10.0.3) from ea:d6:54:12:48:54 (test-pc) via eth0
May 17 14:25:18 ad1 dhcpd: DHCPACK on 10.10.1.0 to ea:d6:54:12:48:54 (test-pc) via eth0
 
BUT, when I use the script from the article in the console like
 
root@ad1:~# /etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.254 01:02:03:04:06:07 twofivefoup
 
I get
 
could not find enclosing zone
 
in STDOUT and
 
May 17 14:32:09 ad1 named[611]: samba_dlz: starting transaction on zone kch.remel.lan
May 17 14:32:09 ad1 named[611]: samba_dlz: allowing update of signer=dhcpuser\@KCH.REMEL.LAN name=twofivefoup.kch.remel.lan tcpaddr=127.0.0.1 type=A key=2973367694.sig-ad1.kch.remel.lan/160/0
May 17 14:32:09 ad1 named[611]: samba_dlz: allowing update of signer=dhcpuser\@KCH.REMEL.LAN name=twofivefoup.kch.remel.lan tcpaddr=127.0.0.1 type=A key=2973367694.sig-ad1.kch.remel.lan/160/0
May 17 14:32:09 ad1 named[611]: client 127.0.0.1#36520/key dhcpuser\@KCH.REMEL.LAN: updating zone 'kch.remel.lan/NONE': deleting rrset at 'twofivefoup.kch.remel.lan' A
May 17 14:32:09 ad1 named[611]: client 127.0.0.1#36520/key dhcpuser\@KCH.REMEL.LAN: updating zone 'kch.remel.lan/NONE': adding an RR at 'twofivefoup.kch.remel.lan' A
May 17 14:32:09 ad1 named[611]: samba_dlz: added rdataset twofivefoup.kch.remel.lan 'twofivefoup.kch.remel.lan.#0113600#011IN#011A#01110.10.1.254'
May 17 14:32:09 ad1 named[611]: samba_dlz: subtracted rdataset kch.remel.lan 'kch.remel.lan.#0113600#011IN#011SOA#011ad1.kch.remel.lan. hostmaster.kch.remel.lan. 8 900 600 86400 3600'
May 17 14:32:09 ad1 named[611]: samba_dlz: added rdataset kch.remel.lan 'kch.remel.lan.#0113600#011IN#011SOA#011ad1.kch.remel.lan. hostmaster.kch.remel.lan. 9 900 600 86400 3600'
May 17 14:32:09 ad1 named[611]: samba_dlz: committed transaction on zone kch.remel.lan
May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
 
and I see this record in the zone with:
 
root@ad1:~# nslookup twofivefoup
Server:         10.10.0.3
Address:        10.10.0.3#53
 
Name:   twofivefoup.kch.remel.lan
Address: 10.10.1.254
 
P.S. Sorry if this mail looks terrible - I have never used mailing lists before :)

Re: can't do dhcp + samba + bind work together

Samba - General mailing list
On Wed, 17 May 2017 04:26:16 -0700 (PDT)
artyom via samba <[hidden email]> wrote:

> I use official manual from wiki.samba.org for install samba 4.6.3
> (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
> is Debian Jessie x64 8.8 netinst. I use
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> article for dynamic dhcp updates on dns zones. DHCP is working but dns
> updates not: i have this messages on my syslog then dhcpoffer:

> named[611]: samba_dlz: committed transaction on zone kch.remel.lan
> May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
>

The forward zone is getting updated but the reverse zone isn't, have
you created the reverse zone, it isn't created automatically.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: can't do dhcp + samba + bind work together

artyom
Samba - General mailing list wrote
> On Wed, 17 May 2017 04:26:16 -0700 (PDT)
> artyom via samba <[hidden email]> wrote:
>
> > I use official manual from wiki.samba.org for install samba 4.6.3
> > (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
> > is Debian Jessie x64 8.8 netinst. I use
> > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> > article for dynamic dhcp updates on dns zones. DHCP is working but dns
> > updates not: i have this messages on my syslog then dhcpoffer:
>
> > named[611]: samba_dlz: committed transaction on zone kch.remel.lan
> > May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
> >
>
> The forward zone is getting updated but the reverse zone isn't, have
> you created the reverse zone, it isn't created automatically.
>
> Rowland

Thanks! Now, when I use

/etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.253 01:02:03:04:06:09 twofivethree

and later

/etc/dhcp/bin/dhcp-dyndns.sh delete 10.10.1.253 01:02:03:04:06:09 twofivethree

it works well, no errors, but when I add a client (Windows Seven) I have:

May 18 09:10:35 ad1 dhcpd: DHCPDISCOVER from ea:d6:54:12:48:54 via eth0
May 18 09:10:36 ad1 dhcpd: DHCPOFFER on 10.10.1.0 to ea:d6:54:12:48:54 (test-pc) via eth0
May 18 09:10:36 ad1 dhcpd: Commit: IP: 10.10.1.0 DHCID: 1:ea:d6:54:12:48:54 Name: test-pc
May 18 09:10:36 ad1 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
May 18 09:10:36 ad1 dhcpd: execute_statement argv[1] = add
May 18 09:10:36 ad1 dhcpd: execute_statement argv[2] = 10.10.1.0
May 18 09:10:36 ad1 dhcpd: execute_statement argv[3] = 1:ea:d6:54:12:48:54
May 18 09:10:36 ad1 dhcpd: execute_statement argv[4] = test-pc
May 18 09:10:36 ad1 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
May 18 09:10:36 ad1 dhcpd: DHCPREQUEST for 10.10.1.0 (10.10.0.3) from ea:d6:54:12:48:54 (test-pc) via eth0
May 18 09:10:36 ad1 dhcpd: DHCPACK on 10.10.1.0 to ea:d6:54:12:48:54 (test-pc) via eth0
May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 09:10:39 ad1 named[607]: client 10.10.1.0#61811: update 'kch.remel.lan/IN' denied
May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan
May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 09:10:39 ad1 named[607]: client 10.10.1.0#56098: update 'kch.remel.lan/IN' denied
May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan

Why can it deny the transaction?

Re: can't do dhcp + samba + bind work together

Samba - General mailing list
On Wed, 17 May 2017 21:12:56 -0700 (PDT)
artyom via samba <[hidden email]> wrote:

> Samba - General mailing list wrote
> > On Wed, 17 May 2017 04:26:16 -0700 (PDT)
> > artyom via samba <samba@.samba> wrote:
> >
> >> I use official manual from wiki.samba.org for install samba 4.6.3
> >> (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
> >> is Debian Jessie x64 8.8 netinst. I use
> >> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> >> article for dynamic dhcp updates on dns zones. DHCP is working but
> >> dns updates not: i have this messages on my syslog then dhcpoffer:
> >
> >> named[611]: samba_dlz: committed transaction on zone kch.remel.lan
> >> May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
> >>
> >
> > The forward zone is getting updated but the reverse zone isn't, have
> > you created the reverse zone, it isn't created automatically.
> >
> > Rowland
>
> Thanks! Now, then i use
>
> /etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.253 01:02:03:04:06:09
> twofivethree
>
> and later
>
> /etc/dhcp/bin/dhcp-dyndns.sh delete 10.10.1.253 01:02:03:04:06:09
> twofivethree
>
> it's work well, no errors, but then i add a client (windows seven) i
> have:
>
> May 18 09:10:35 ad1 dhcpd: DHCPDISCOVER from ea:d6:54:12:48:54 via
> eth0 May 18 09:10:36 ad1 dhcpd: DHCPOFFER on 10.10.1.0 to
> ea:d6:54:12:48:54 (test-pc) via eth0
> May 18 09:10:36 ad1 dhcpd: Commit: IP: 10.10.1.0 DHCID:
> 1:ea:d6:54:12:48:54 Name: test-pc
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[0] =
> /etc/dhcp/bin/dhcp-dyndns.sh
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[1] = add
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[2] = 10.10.1.0
> May 18 09:10:36 ad1 dhcpd: execute_statement argv[3] =
> 1:ea:d6:54:12:48:54 May 18 09:10:36 ad1 dhcpd: execute_statement
> argv[4] = test-pc May 18 09:10:36 ad1 dhcpd:
> execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256

For some reason the script is failing, probably for a permissions
problem.
Is apparmor installed ?
Please double check ownership of files etc.

> May 18 09:10:36 ad1 dhcpd: DHCPREQUEST for 10.10.1.0 (10.10.0.3) from
> ea:d6:54:12:48:54 (test-pc) via eth0
> May 18 09:10:36 ad1 dhcpd: DHCPACK on 10.10.1.0 to ea:d6:54:12:48:54
> (test-pc) via eth0
> May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on
> zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: client 10.10.1.0#61811: update
> 'kch.remel.lan/IN' denied
> May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on
> zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on
> zone kch.remel.lan
> May 18 09:10:39 ad1 named[607]: client 10.10.1.0#56098: update
> 'kch.remel.lan/IN' denied
> May 18 09:10:39 ad1 named[607]: samba_dlz: cancelling transaction on
> zone kch.remel.lan
>
> why it can deny transaction?

This bit is easy, as I said, the script is failing, the above is from
when your clients try to update their own records and get denied.
You need to stop your clients trying to update their own records.

When it does work, you should see something like this in syslog:

May 18 06:32:28 member1 dhcpd: DHCPREQUEST for 192.168.0.118 from cc:4e:ec:e9:c8:d3 via eth0
May 18 06:32:28 member1 dhcpd: DHCPACK on 192.168.0.118 to cc:4e:ec:e9:c8:d3 via eth0
May 18 06:33:40 member1 dhcpd: Commit: IP: 192.168.0.164 DHCID: 1:1c:65:9d:9d:e6:94 Name: EAPDEV-PC
May 18 06:33:40 member1 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
May 18 06:33:40 member1 dhcpd: execute_statement argv[1] = add
May 18 06:33:40 member1 dhcpd: execute_statement argv[2] = 192.168.0.164
May 18 06:33:40 member1 dhcpd: execute_statement argv[3] = 1:1c:65:9d:9d:e6:94
May 18 06:33:40 member1 dhcpd: execute_statement argv[4] = EAPDEV-PC
May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone samdom.example.com
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3578045150.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=EAPDEV-PC.samdom.example.com tcpaddr=127.0.0.1 type=A key=3578045150.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#57668/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': deleting rrset at 'EAPDEV-PC.samdom.example.com' A
May 18 06:33:40 member1 named[1980]: samba_dlz: subtracted rdataset EAPDEV-PC.samdom.example.com 'EAPDEV-PC.samdom.example.com.#0113600#011IN#011A#011192.168.0.164'
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#57668/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE': adding an RR at 'EAPDEV-PC.samdom.example.com' A
May 18 06:33:40 member1 named[1980]: samba_dlz: added rdataset EAPDEV-PC.samdom.example.com 'EAPDEV-PC.samdom.example.com.#0113600#011IN#011A#011192.168.0.164'
May 18 06:33:40 member1 named[1980]: samba_dlz: committed transaction on zone samdom.example.com
May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=588484016.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=588484016.sig-member1.samdom.example.com/160/0
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#40979/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': deleting rrset at '164.0.168.192.in-addr.arpa' PTR
May 18 06:33:40 member1 named[1980]: samba_dlz: subtracted rdataset 164.0.168.192.in-addr.arpa '164.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011EAPDEV-PC.samdom.example.com.'
May 18 06:33:40 member1 named[1980]: client 127.0.0.1#40979/key dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone '0.168.192.in-addr.arpa/NONE': adding an RR at '164.0.168.192.in-addr.arpa' PTR
May 18 06:33:40 member1 named[1980]: samba_dlz: added rdataset 164.0.168.192.in-addr.arpa '164.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011EAPDEV-PC.samdom.example.com.'
May 18 06:33:40 member1 named[1980]: samba_dlz: committed transaction on zone 0.168.192.in-addr.arpa
May 18 06:33:40 member1 root: DHCP-DNS Update succeeded

Rowland


Re: can't do dhcp + samba + bind work together

artyom
Samba - General mailing list wrote
> On Wed, 17 May 2017 21:12:56 -0700 (PDT)
> artyom via samba <[hidden email]> wrote:
>
> > >> I use official manual from wiki.samba.org for install samba 4.6.3
> > >> (from source) with bind_dlz on bind 9.9.10 (from source too). My OS
> > >> is Debian Jessie x64 8.8 netinst. I use
> > >> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> > >> article for dynamic dhcp updates on dns zones. DHCP is working but
> > >> dns updates not: i have this messages on my syslog then dhcpoffer:
> > >
> > >> named[611]: samba_dlz: committed transaction on zone kch.remel.lan
> > >> May 17 14:32:09 ad1 remel: DHCP-DNS Update failed: 01
> > >>
> > >
> > > The forward zone is getting updated but the reverse zone isn't, have
> > > you created the reverse zone, it isn't created automatically.
> > >
> > > Rowland
>
> > Thanks! Now, then i use
> >
> > /etc/dhcp/bin/dhcp-dyndns.sh add 10.10.1.253 01:02:03:04:06:09
> > twofivethree
> >
> > it's work well, no errors, but then i add a client (windows seven) i
> > have:
>
> > 1:ea:d6:54:12:48:54 May 18 09:10:36 ad1 dhcpd: execute_statement
> > argv[4] = test-pc May 18 09:10:36 ad1 dhcpd:
> > execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
> > May 18 09:10:39 ad1 named[607]: samba_dlz: starting transaction on
> > zone kch.remel.lan
> > May 18 09:10:39 ad1 named[607]: client 10.10.1.0#61811: update
> > 'kch.remel.lan/IN' denied
>
> >
> > why it can deny transaction?
>
> This bit is easy, as I said, the script is failing, the above is from
> when your clients try to update their own records and get denied.
> You need to stop your clients trying to update their own records.
> When it does work, you should see something like this in syslog:
>
> May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone samdom.example.com
>
> May 18 06:33:40 member1 named[1980]: samba_dlz: starting transaction on zone 0.168.192.in-addr.arpa
> May 18 06:33:40 member1 named[1980]: samba_dlz: allowing update of signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=164.0.168.192.in-addr.arpa tcpaddr=127.0.0.1 type=PTR key=588484016.sig-member1.samdom.example.com/160/0
>
> May 18 06:33:40 member1 root: DHCP-DNS Update succeeded
>
> Rowland

I can stop it by unselecting this: ipv4 ->Properties->Advanced ->
DNS Tab -> Register this connection's addresses in DNS?

I know, it looks like an RTFM problem from me, but is it because of unsecure updates from the Windows DNS client service? This started to work after I added this PC to the domain. Now I have:

May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#52807: update 'kch.remel.lan/IN' denied
May 18 10:40:38 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of signer=TEST-PC\$\@KCH.REMEL.LAN name=test-pc.kch.remel.lan tcpaddr= type=A key=1204-ms-7.2-18d02.5706f740-3b8c-11e7-85ab-ead654124854/160/0
---OUT OMITTED-----
May 18 10:40:38 ad1 named[607]: samba_dlz: committed transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone 10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#53044: update '10.10.in-addr.arpa/IN' denied
May 18 10:40:38 ad1 named[607]: samba_dlz: cancelling transaction on zone 10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone 10.10.in-addr.arpa
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of signer=TEST-PC\$\@KCH.REMEL.LAN name=0.1.10.10.in-addr.arpa tcpaddr= type=PTR key=1204-ms-7.2-18d02.5706f740-3b8c-11e7-85ab-ead654124854/160/0
---OUT OMITTED-----
May 18 10:40:38 ad1 named[607]: samba_dlz: committed transaction on zone 10.10.in-addr.arpa

If I understand clearly, the second update (signer=TEST-PC) is a Windows client secure dynamic DNS update in "domain mode". Is this something like a transaction conflict?
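
Added example, not part of any poster's message and not the wiki's script: a Python log triage over dhcpd/named syslog lines of the shape quoted in this thread. It separates unsigned updates that named denied from signed updates that samba_dlz allowed, and records which principal signed each one. The sample lines are constructed, the `key=` values are placeholders, the function name is hypothetical, and reading dhcpd's "exit status 256" as a raw wait status (exit code 1) is an assumption.

```python
import re

# Constructed sample in the shape of the syslog lines quoted in the thread;
# the key= values are placeholders, not taken from a real server.
SAMPLE = r"""
May 18 10:40:36 ad1 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
May 18 10:40:38 ad1 named[607]: samba_dlz: starting transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: client 10.10.1.0#52807: update 'kch.remel.lan/IN' denied
May 18 10:40:38 ad1 named[607]: samba_dlz: cancelling transaction on zone kch.remel.lan
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of signer=TEST-PC\$\@KCH.REMEL.LAN name=test-pc.kch.remel.lan tcpaddr= type=A key=PLACEHOLDER/160/0
May 18 10:40:38 ad1 named[607]: samba_dlz: allowing update of signer=TEST-PC\$\@KCH.REMEL.LAN name=test-pc.kch.remel.lan tcpaddr= type=A key=PLACEHOLDER/160/0
May 18 10:40:39 ad1 named[607]: samba_dlz: allowing update of signer=dhcpuser\@KCH.REMEL.LAN name=test-pc.kch.remel.lan tcpaddr=127.0.0.1 type=A key=PLACEHOLDER/160/0
"""

SCRIPT = re.compile(r"dhcpd: execute: (\S+) exit status (\d+)")
DENIED = re.compile(r"named\[\d+\]: client ([\d.]+)#\d+: update '([^'/]+)/IN' denied")
ALLOWED = re.compile(
    r"samba_dlz: allowing update of signer=(\S+) name=(\S+) tcpaddr=(\S*) type=(\S+)")


def triage_dns_updates(text):
    """Group events: DHCP hook failures, unsigned denials, signed updates."""
    report = {"script_failures": [], "unsigned_denied": {}, "signed": []}
    for line in text.splitlines():
        if m := SCRIPT.search(line):
            status = int(m.group(2))
            # Assumption: dhcpd logs the raw wait() status, so 256 is exit code 1.
            code = status >> 8 if status & 0xFF == 0 else status
            report["script_failures"].append((m.group(1), code))
        elif m := DENIED.search(line):
            # No "/key <principal>" after the client address: an unsigned update.
            key = (m.group(1), m.group(2))
            report["unsigned_denied"][key] = report["unsigned_denied"].get(key, 0) + 1
        elif m := ALLOWED.search(line):
            signer = m.group(1).replace("\\", "")  # the log escapes $ and @
            # A principal ending in "$" is a machine account registering itself.
            kind = "machine" if signer.split("@")[0].endswith("$") else "user"
            event = (signer, kind, m.group(2), m.group(4))
            if event not in report["signed"]:  # the thread's logs repeat this line
                report["signed"].append(event)
    return report


if __name__ == "__main__":
    for section, items in triage_dns_updates(SAMPLE).items():
        print(section, items)
```

A record name that appears under both a machine signer and the DHCP service account is being written by two different principals.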